JoachimSchipper

It's always sad to see someone taking down a project that is run with the best intentions. However, it may be time to move away from the entire PGP ecosystem.

Consider the post's "We've known for a decade this attack is possible. It's now here and it's devastating.".

Consider also the final section, "PGP is bad technology and it’s making a bad community", of https://blog.cryptographyengineering.com/2018/05/17/was-the-... (by noted cryptographer Matthew Green.)

My sympathies to the victims of this attack.

[EDIT: reworked slightly at 7m to try to be as kind as possible]

clarkmoody

The idea of Internet actors (human or machine) owning cryptographic identities in a distributed system is a good one. I don't think we should stray from this approach.

From your Matthew Green link:

> If PGP went away, I estimate it would take the security community less than a year to entirely replace (the key bits of) the standard with something much better and modern. It would have modern crypto and authentication, and maybe even extensions for future post-quantum future security. It would be simple. Many bright new people would get involved to help write the inevitable Rust, Go and Javascript clients and libraries.

Those word were written a little more than a year ago. What if right now is the time to assume that PGP has gone away and start building the next thing?

What alternate projects are people excited about that are solving the problem of distributed cryptographic identity and messaging?

cyphar

> What alternate projects are people excited about that are solving the problem of distributed cryptographic identity and messaging?

I would argue Matrix is a good contender. The Matrix project is working on secure messaging, and they have a lot of really cool solutions for key distribution and federated communication.

"Distributed cryptographic identity" is a slightly hard concept to pin down. In Matrix this is still an open problem, but that's just for the service which links third-party IDs (phone numbers, email addresses, etc) to Matrix IDs (@cyphar:cyphar.com, for instance). But if the problem is distributing keys, then that is a solvable problem.

But then again, maybe a different solution is needed to fill the PGP niche.

tptacek

The best replacement to PGP would be a messaging network with opt-in, poorly supported encryption?

https://www.reddit.com/r/privacy/comments/9avyen/sad_state_o...

I don't know what it is with people and Matrix. It seems like a good project, hamstrung by its overzealous cheering section.

Arathorn
(Matrix project lead here.) The linked reddit post is 10 months old, and even then was riddled with bugs (it ignored or declared 'unclear' for some of clients which had E2E, and included loads of random alpha ones to make the situation seem way worse than it was). The topmost reply on that post tried to correct it at the time, but seems like people don't read the replies.

The current situation is that the following clients in Matrix have full E2E support:

* Riot/Web (JS) (aka Riot/Desktop)

* Riot/iOS (ObjC)

* Riot/Android (Java)

* RiotX/Android (Kotlin)

* Weechat (Python)

* Pantalaimon (Python)

* Seaglass (ObjC on macOS)

* Nheko (Qt) (other than file transfer)

Meanwhile, Quaternion (Qt) is currently getting support via GSoC 2019, and the purple-matrix plugin has working (albeit read-only) E2E support. I believe Pattle (pattle.im) is working on E2EE too. And the matrix-python-sdk (not an app) got support via GSoC 2018.

It's true that there are over 100 other Matrix clients out there which don't speak E2EE natively, but that's because "a matrix client" can be as simple as a curl one-liner, and so there are tonnes of experimental and toy and alpha ones as well as the more mature ones which you could use to pad out a list to make native E2EE support look bad.

However, and most importantly, Pantalaimon (https://github.com/matrix-org/pantalaimon) makes any Matrix client (including all the ones in that FUDdy Reddit post) speak full E2EE - by running as a clientside daemon which acts as a friendly MITM for your Matrix traffic and offloads all the hard E2E encryption (and E2E indexing and search, and in future multiplexing multiple local Matrix apps onto one connection to your server - thus acting almost as a general comms daemon which can even be used as a self-sovereign encrypted push service).

That said, I agree that sometimes the enthusiasm of the Matrix community can be overzealous. For instance, there are some bits which we haven't solved yet, for instance:

* Cross-signing keys for one-hop web-of-trust is 1-2 weeks away from landing. It's implemented in Synapse and matrix-js-sdk, but we're in the middle of adding it into the UI for Riot/Web currently. You can see demos at the SDK level at https://matrix.org/blog/2019/06/14/this-week-in-matrix-2019-... if interested. We also need to figure out how to use cross-signing for limited transitive web-of-trust (e.g. within an closed organisation where WOT metadata leakage isn't a concern)

* We don't turn on E2E by default yet for private chats. This is because we want cross-signing to land first, for usability, and also because we don't want to lock out non-E2E-capable clients, and pantalaimon is only a few weeks old. We also want to better solve e2e-search first (by taking the tantivy-powered FTS indexer from pantalaimon and putting it into Riot). Also, we are still chasing down a few edge cases where session keys aren't available - see https://www.youtube.com/watch?v=WgikPxIjsWE for our approach to that, and https://github.com/vector-im/riot-web/issues/6779 for the overall bug.

* We don't have any equivalent of key-servers at all yet.

So yeah, we definitely don't claim to be perfect, but please don't disregard our progress thanks to a confused/malicious Reddit article.