ProtonBlog(new window)

Proton hosted the sixth OpenPGP Email Summit

Share this page

Last month, developers from numerous OpenPGP-related projects came together at Proton’s headquarters in Geneva to work together and discuss the future of encrypted email using the OpenPGP standard. Proton had offered to host the sixth installment of the (normally) annual summit after the previous meeting in Berlin in 2019. However, that meeting was postponed due to the pandemic. Now, with lockdowns across Europe ending, we could finally come together again.

In attendance were developers from projects such as Thunderbird(new window), Enigmail(new window), and Proton Mail(new window), OpenPGP implementations such as Sequoia-PGP(new window), PGPainless(new window), OpenPGP.js(new window), and GopenPGP(new window), and the German Federal Office for Information Security (BSI)(new window). The topics under discussion ranged from how to add post-quantum cryptography to OpenPGP to improving the usability of encrypted email.

The timing was fortuitous as the OpenPGP standard (RFC 4880) is currently in the last stages of receiving a “crypto refresh”, which modernizes the cryptographic primitives used in the standard, by adding more secure signing and encryption algorithms. The result of this will be published as a new RFC in the coming future. Discussions thus also turned to potential future topics for standardization after that work is done in a possible “re-chartering” of the OpenPGP Working Group.

Potential ideas there included automatic forwarding of incoming emails when the recipient is “out of office” in a secure manner (without needing to share the private key) as well as improving the security and performance of email archival by symmetrically re-encrypting emails for storage. Header protection (e.g., encrypting subjects) and forward secrecy were also discussed, among other topics.

Improving the OpenPGP standard and standardizing these new features are important to ensure continued interoperability between different email providers, even when the emails are encrypted. This is especially relevant in the current discussion surrounding interoperability versus end-to-end encryption: it is possible to achieve both, as the OpenPGP community demonstrates, though doing so requires some dedicated effort. Meetings such as the OpenPGP Email Summit help to facilitate open discussions between stakeholders.

A better internet requires strong, open-source encryption

Proton is a strong advocate for open standards and open-source software. Opening proposals up to peer review improves the quality and security, and meshes well with our background as physicists and scientists. That is also why we have made all Proton apps open source(new window) and have subjected them to numerous third-party audits(new window).

We also maintain the OpenPGP.js(new window) and GopenPGP(new window) open-source encryption libraries. We feel that maintaining these encryption libraries is a critical part of our work to create a better internet where privacy is the default. If strong encryption is interoperable, easy to use, and freely available, it is easier for developers to create more private-by-default apps, which benefits everyone.

All in all, the summit was very useful and productive. It allowed us to make meaningful progress on the previously mentioned topics. Additionally, concrete commitments were made by us and others to work on encrypted email in the interim.

We thank everyone who came to the summit and hope to see everyone again (and others for the first time) at the next one!

Protect your privacy with Proton
Create a free account

Share this page

Daniel Huigens(new window)

Daniel is the Cryptography team lead at Proton. He is responsible for the encryption that secures your data and helps maintain Proton's two open-source encryption libraries, OpenPGP.js and GopenPGP. He is also the editor of the Web Cryptography API specification and the co-author of the OpenPGP "crypto refresh" draft standard. Before joining Proton, Daniel created Airborn.io.

Related articles

How to share a PDF
Sharing a PDF with coworkers, friends, or family members can sometimes be trickier than it seems if you’re trying to share a large file or if you want to use secure encryption. In this article, we show you how to share any PDF quickly, easily, and se
Proton Pass for Windows
Proton Pass is launching its new app for Windows, allowing you to access our password manager from your desktop. As one of our community’s most requested features, it’s available to everyone starting today. Proton Pass is the centerpiece of our effo
password policy
Businesses are increasingly dealing with the fallout from cybercrime: The number of attacks is on the rise and the damage done is growing exponentially. One of the most common vulnerabilities for organizations are their passwords. Since they are your
How to free up disk space
If you’ve ever owned an electronic device of any kind, you know the struggle of running out of space. No matter if it’s a smartphone, laptop, or desktop computer, there never seems to be enough room for all your files. Let’s show you some simple ways
What is 3-2-1 backup
Data backup is vital for businesses and individuals alike: In case something happens to your primary computer, you always have a copy of your data to fall back on.  How should you approach backup, though? The 3-2-1 rule can act as a guide when decid
What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m