Merge pull request #229 from autocrypt/newintro

rewrite the very intro to explain higher level focus of autocrypt and…
autocrypt · Nov 12, 2017 · 63462be · 63462be
2 parents acf6de6 + a4be301
commit 63462be
Showing 1 changed file with 38 additions and 16 deletions.
diff --git a/doc/level1.rst b/doc/level1.rst
@@ -6,22 +6,44 @@
 Autocrypt Level 1: Enabling encryption, avoiding annoyances
 ===========================================================
 
-Autocrypt makes it easy for people to encrypt email.  This document
-describes the basic capabilities required for a mail app to be
-Autocrypt-capable at Level 1.
-
-The design of Level 1 is driven by usability concerns and by the
-realities of incremental deployment. A user may mix both
-Autocrypt-enabled MUAs and traditional MUAs, and we'd
-like to avoid annoyances like unexpectedly unreadable mails while also
-supporting users who want to explicitly turn on encryption.
-
-For ease of implementation and deployment, Level 1 focuses on the use
-of Autocrypt on a single device.  We intend to :doc:`support
-multi-device synchronization (and other features) as part of Level
-2<next-steps>`.  We want to keep Level 1 simple enough that it's easy
-for developers to adopt it so we can drive efforts from real-life
-experiences as soon as possible.
+Autocrypt aims to incrementally and carefully replace cleartext e-mail
+with end-to-end encrypted e-mail. This differs from the traditional approach
+of maximizing the security of individual mail communications.
+**Sometimes Autocrypt recommends to send cleartext mail even though
+encryption appears technically possible.** This is because we want to
+avoid unreadable mail for users. Users may mix both Autocrypt-capable
+and traditional mail apps and they may lose devices or in other ways
+the ability to decrypt in unrecoverable ways. Reverting to cleartext
+when we suspect such situations is a key part of our aim to stay out of
+the way of users.
+
+Another major difference in approach is that Autocrypt Level 1 only
+defends against passive data collection attacks. We share and support
+:rfc:`the new perspective stated in RFC7435 ("Opportunistic Security: Some
+Protection Most of the Time") <7435#section-1.2>`. Protection against
+active adversaries (those which modify messages in transit) is the aim
+of future specifications.
+
+**Level 1 makes it easy for users to encrypt, based on an automatic and
+decentralized key distribution mechanism. There are no dependencies on
+key servers and it is meant to work with existing e-mail providers.**
+Level 1 focuses on the use of Autocrypt on a single device. Users get
+rudimentary support on using Autocrypt on more than one device or mail app.
+This is internally realized through sending and receiving an Autocrypt
+Setup Message, secured by manually entering a long number. Improving
+usability for maintaining synchronized Autocrypt state on multiple
+devices is the aim of future specification efforts.
+
+**Last but not least, Level 1 is meant to be relatively easy for
+developers to adopt.** It describes the basic capabilities required for
+a mail app to be Autocrypt-capable at Level 1, allowing it to exchange
+end-to-end encrypted e-mails with other Autocrypt-capable mail apps. The
+spec contains detailed guidance on protocol, internal state and user
+interface concerns. We have a good track record of supporting new
+implementers. Please don't hesitate to `contact the group
+<https://autocrypt.org/en/latest/contact.html>`_ or bring up issues or
+pull requests. Autocrypt is a living specification and we envision
+both bugfix and backward-compatible feature releases.
 
 .. only:: builder_html