-
Notifications
You must be signed in to change notification settings - Fork 28
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
factor out features to its own doc to make "index" more of an "index".
- Loading branch information
Showing
2 changed files
with
52 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
|
||
Features of the Autocrypt effort | ||
-------------------------------- | ||
|
||
End-to-end encrypted e-mail has been around for decades, but has failed | ||
to see wide adoption outside of specialist communities, in large part | ||
because of difficulties user experience and certification models. | ||
To better understand how the fresh autocrypt effort is different | ||
from previous ones here are some of its features: | ||
|
||
- **Protect first against passive data-collecting adversaries**, | ||
resist the temptation to early-add complexity which aim to | ||
prevent active attacks. See `RFC7435 A New Perspective | ||
<https://tools.ietf.org/html/rfc7435#section-1.2>`_ for some | ||
motivation of this and the next points. | ||
|
||
- **Focus on incremental deployment**, always consider that there | ||
will be both autocrypt-enabled MUAs and traditional plain ones, | ||
interacting with each other. | ||
|
||
- **Don't ask users anything about keys, ever.** And minimize and | ||
useability-test what needs to be decided by users and include | ||
resulting UI guidance in the specs. Minimize friction for people | ||
using multiple mail apps with their accounts. | ||
|
||
- **Go for mail app changes, don't require changes from mail providers**, | ||
allowing fluid development of deployable code and specs. | ||
|
||
- **Use decentralized, in-band key discovery.** Make mail apps | ||
tell each other how and when to encrypt to each other | ||
by attaching neccessary information along with mails. | ||
|
||
- **Implement and specify "level0" support in several MUAs in spring | ||
2017.** Keep level0 minimal enough that it's easy for developers to | ||
adopt it and we can start to drive efforts from real-life experiences. | ||
Currently involved are developers from K9/Android, Enigmail, Mailpile, | ||
Bitmask/LEAP and others who are interested to add support for OSX | ||
or write reference "MUA bots" in Python or Go. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters