Proton

Proton hosted the sixth OpenPGP Email Summit

Last month, developers from numerous OpenPGP-related projects came together at Proton’s headquarters in Geneva to work together and discuss the future of encrypted email using the OpenPGP standard. Proton had offered to host the sixth installment of the (normally) annual summit after the previous meeting in Berlin in 2019. However, that meeting was postponed due to the pandemic. Now, with lockdowns across Europe ending, we could finally come together again.

In attendance were developers from projects such as Thunderbird, Enigmail, and Proton Mail, OpenPGP implementations such as Sequoia-PGP, PGPainless, OpenPGP.js, and GopenPGP, and the German Federal Office for Information Security (BSI). The topics under discussion ranged from how to add post-quantum cryptography to OpenPGP to improving the usability of encrypted email.

The timing was fortuitous, as the OpenPGP standard (RFC 4880) is currently in the last stages of receiving a “crypto refresh”, which modernizes the cryptographic primitives used in the standard by adding more secure signing and encryption algorithms. The result will be published as a new RFC in the near future. Discussions thus also turned to potential topics for standardization after that work is done, in a possible “re-chartering” of the OpenPGP Working Group.

Potential ideas there included securely and automatically forwarding incoming emails when the recipient is “out of office” (without needing to share the private key), as well as improving the security and performance of email archival by symmetrically re-encrypting emails for storage. Header protection (e.g., encrypting subjects) and forward secrecy were also discussed, among other topics.

Improving the OpenPGP standard and standardizing these new features are important to ensure continued interoperability between different email providers, even when the emails are encrypted. This is especially relevant in the current discussion surrounding interoperability versus end-to-end encryption: it is possible to achieve both, as the OpenPGP community demonstrates, though doing so requires some dedicated effort. Meetings such as the OpenPGP Email Summit help to facilitate open discussions between stakeholders.

A better internet requires strong, open-source encryption

Proton is a strong advocate for open standards and open-source software. Opening proposals up to peer review improves their quality and security, and meshes well with our background as physicists and scientists. That is also why we have made all Proton apps open source and have subjected them to numerous third-party audits.

We also maintain the OpenPGP.js and GopenPGP open-source encryption libraries. We feel that maintaining these encryption libraries is a critical part of our work to create a better internet where privacy is the default. If strong encryption is interoperable, easy to use, and freely available, it is easier for developers to create more private-by-default apps, which benefits everyone.

All in all, the summit was very useful and productive. It allowed us to make meaningful progress on the previously mentioned topics. Additionally, concrete commitments were made by us and others to work on encrypted email in the interim.

We thank everyone who came to the summit and hope to see everyone again (and others for the first time) at the next one!
