The point is that DeltaChat didn't invent a new protocol, start something from scratch and write the software for it from the first line. As there is a saying:
Good programmers write programs from scratch. Great programmers find an already existing program and use it as a base.
#DeltaChat didn't invent #Email, #PGP, #autocrypt or new technology for #webxdc. Even WebXDC's real time channels don't use a technology invented by DC.
In 2014 @matthew_d_green wrote "What's the matter with PGP?" https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/
We'd like to humbly report completion of its main suggestions. Better late than never! :)
- Key management is automatic through #securejoin and #autocrypt protos
- #chatmail relays form an end-to-end encrypted email enclave interoperable with any e-mail address using proper end-to-end encryption.
- RFC 9580 "cryptorefresh" is rolled out in current releases and will be activated soon.
One to go? ;)
![screenshot of a part of the blog post from Matthew Greene:
So what should we be doing?
Quite a lot actually. The path to a proper encrypted email system isn’t that far off. At minimum, any real solution needs:
[a green verified checkmark on the following paragraph]
« A proper approach to key management. This could be anything from centralized key management as in Apple’s iMessage — which would still be better than nothing — to a decentralized (but still usable) approach like the
o one offered by Signal or OTR. Whatever the solution, in order to achieve mass deployment, keys need to be made much more manageable or else submerged from the user altogether.
« Forward secrecy baked into the protocol. This should be a pre-condition to any secure messaging system.
« Cryptography that post-dates the Fresh Prince. Enough said.
[a green verified checkmark on the following paragraph]
o « Screw backwards compatibility. Securing both encrypted and unencrypted email is too hard. We need dedicated networks that handle this from the start.](https://assets.chaos.social/media_attachments/files/114/307/254/860/811/510/original/2fea951f4754e8ea.png "screenshot of a part of the blog post from Matthew Greene:
So what should we be doing?
Quite a lot actually. The path to a proper encrypted email system isn’t that far off. At minimum, any real solution needs:
[a green verified checkmark on the following paragraph]
« A proper approach to key management. This could be anything from centralized key management as in Apple’s iMessage — which would still be better than nothing — to a decentralized (but still usable) approach like the
o one offered by Signal or OTR. Whatever the solution, in order to achieve mass deployment, keys need to be made much more manageable or else submerged from the user altogether.
« Forward secrecy baked into the protocol. This should be a pre-condition to any secure messaging system.
« Cryptography that post-dates the Fresh Prince. Enough said.
[a green verified checkmark on the following paragraph]
o « Screw backwards compatibility. Securing both encrypted and unencrypted email is too hard. We need dedicated networks that handle this from the start.")
@sardon not that we know off. As far as we know thunderbirds current extension model does not allow even an #autocrypt compliant plugin let alone all the rest that delta offers. #enigmail used to offer full autocrypt support but when thunderbird changed the plugin model and integrated openpgp into thunderbird they went back to the old idea of "users have to consciously manage their encryption keys" ... An unfortunate old tradition. We aim for modern usable security like signal delivers.
@ryanleesipes still #autocrypt support 
Question for you!
Do you have any documentation, guides, or tips on how to get #neomutt's #autocrypt working with a chatmail server?
I've gotten as far as importing my keys so I can read messages from the mail server on both clients, but I can't figure out how to extract the keys from a message so I can add them and send successfully from mutt.
What am I missing?
@ryanleesipes In the talk you offer help for integrating privacy respecting standards (not the proton mail approach)
I'm no expert - but #autocrypt and therefore #deltachat support would be awesome - what is holding you back?
An enjoyable and fruitful #OpenPGP email 2024 summit closing up .... with many standardization efforts roughly agreed between several players: maximizing metadata protection (IETF header protection effort), ecosystem transition V4->V6 and PQ-keys (IETF replacement keys), #autocrypt level 2 possibly involving integration of "in-band" with "out of band" key distribution like WKD/HKP which themselves are bound for integration. Believe it or not .... the eco system is moving ;)
@homegrown @delta Apparently, you can have encrypted chats with users using other email clients that support the #Autocrypt standard like @k9mail and #Snappymail webmail. Tried with K-9 a while back and it worked great.
