Proton

Proton hosted the sixth OpenPGP Email Summit

Last month, developers from numerous OpenPGP-related projects came together at Proton’s headquarters in Geneva to work together and discuss the future of encrypted email using the OpenPGP standard. Proton had offered to host the sixth installment of the (normally) annual summit after the previous meeting in Berlin in 2019. However, that meeting was postponed due to the pandemic. Now, with lockdowns across Europe ending, we could finally come together again.

In attendance were developers from projects such as Thunderbird(ventana nueva), Enigmail(ventana nueva), and Proton Mail(ventana nueva), OpenPGP implementations such as Sequoia-PGP(ventana nueva), PGPainless(ventana nueva), OpenPGP.js(ventana nueva), and GopenPGP(ventana nueva), and the German Federal Office for Information Security (BSI)(ventana nueva). The topics under discussion ranged from how to add post-quantum cryptography to OpenPGP to improving the usability of encrypted email.

The timing was fortuitous as the OpenPGP standard (RFC 4880) is currently in the last stages of receiving a “crypto refresh”, which modernizes the cryptographic primitives used in the standard, by adding more secure signing and encryption algorithms. The result of this will be published as a new RFC in the coming future. Discussions thus also turned to potential future topics for standardization after that work is done in a possible “re-chartering” of the OpenPGP Working Group.

Potential ideas there included automatic forwarding of incoming emails when the recipient is “out of office” in a secure manner (without needing to share the private key) as well as improving the security and performance of email archival by symmetrically re-encrypting emails for storage. Header protection (e.g., encrypting subjects) and forward secrecy were also discussed, among other topics.

Improving the OpenPGP standard and standardizing these new features are important to ensure continued interoperability between different email providers, even when the emails are encrypted. This is especially relevant in the current discussion surrounding interoperability versus end-to-end encryption: it is possible to achieve both, as the OpenPGP community demonstrates, though doing so requires some dedicated effort. Meetings such as the OpenPGP Email Summit help to facilitate open discussions between stakeholders.

A better internet requires strong, open-source encryption

Proton is a strong advocate for open standards and open-source software. Opening proposals up to peer review improves the quality and security, and meshes well with our background as physicists and scientists. That is also why we have made all Proton apps open source(ventana nueva) and have subjected them to numerous third-party audits(ventana nueva).

We also maintain the OpenPGP.js(ventana nueva) and GopenPGP(ventana nueva) open-source encryption libraries. We feel that maintaining these encryption libraries is a critical part of our work to create a better internet where privacy is the default. If strong encryption is interoperable, easy to use, and freely available, it is easier for developers to create more private-by-default apps, which benefits everyone.

All in all, the summit was very useful and productive. It allowed us to make meaningful progress on the previously mentioned topics. Additionally, concrete commitments were made by us and others to work on encrypted email in the interim.

We thank everyone who came to the summit and hope to see everyone again (and others for the first time) at the next one!

Artículos relacionados

A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
  • Actualizaciones del producto
  • Proton Pass
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
en
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
en
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
en
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.
A cover image for a blog announcing that Pass Plus will now include premium SimpleLogin features
en
We're changing the price of new Pass Plus subscriptions, which now includes access to SimpleLogin premium features.
Infinity symbol in purple with the words "Call for submissions" and "Proton Lifetime Fundraiser 7th Edition"
en
It’s time to choose the organizations we should support for the 2024 edition of our annual charity fundraiser.