Follow

The more I read about @delta, the more I like it. With one exception:

> Delta Chat apps (and other Autocrypt-compatible e-mail apps) share the keys required for end-to-end-encryption automatically as the first messages are sent. After this, all subsequent messages are encrypted end-to-end automatically. If one of the chat partners uses a non-Autocrypt e-mail app, subsequent messages are not encrypted until an Autocrypt-compliant app is available again.

This screams "downgrade attacks" at me.

· · Web · 2 · 1 · 5

I remember having this conversation with some other people building Autocrypt-enabled mail clients. I need a way to say: "no, really, *reject any attempt of unencrypted communication, always*."

This is non-negotiable (ha!). Downgrade attacks are real, and when I'm encrypting my mail it's partially because I do not trust my e-mail provider entirely.

A security breach of the provider can allow an attacker to disable encryption on a conversation, that's not okay in my threat model.

@rysiek @delta More of a limitation of the Autocrypt spec, no?

@trashheap @delta potEHto potAHto. As a user I don't care *why* my conversation might suddenly get stripped of encryption.

I do not see a reason why the client software could not be told *by the user* "please ignore anything that tries to trick you to stop encrypting".

It boggles my mind that this is even up for debate in 2021...

@rysiek Not saying it is fine it downgrades. Just that I kinda get why @delta wouldn't want to say break that spec for interoperability purposes.

Seems like the easiest thing to do would be to visualize to the user when encryption is broken. Not unlike what the Conversations XMPP client does with OMEMO.

It might even do that, im not sure. Been playing with it some this morning but not enough where it's obvious to me.

@trashheap @rysiek In fact Delta chat has an feature called "verified groups" that guarantees e2e encryption safe against active attacks. See countermitm.readthedocs.io/en/ for more background on this.

@delta @trashheap yeah, encrypted groups are a step forward.

That said, I work with people who actually need e2ee. A tool that supports unencrypted comms, especially if a running conversation can be downgraded to cleartext, is simply dangerous to them.

Any chance of implementing some form of "pinning" a conversation with a contact to *always* encrypt?

@rysiek @trashheap that's coming yes and continously discussed. It's a pretty complex discussion and involves also the what is discussed at the intro of the autocrypt spec autocrypt.org/level1.html -- but the "verified" chats are build on top of this and we plan to offer this for Autocrypt level 2 discussions that were however hugely disrupted by the pandemic (we need physical gatherings to move such things forward)

@delta @trashheap ah, great to hear!

Don't get me wrong, I strongly support working on standards level to improve things.

But I also know what the realities of working with tired, scared people at-risk are.

Thanks for doing what you guys are doing!

@rysiek @trashheap @delta I love Delta but it can be jarring how some messages are sent unencrypted because someone I talk to on Delta all the time has sent a normal email since our last encrypted talk

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!