ProtonBlog

Proton hosted the sixth OpenPGP Email Summit

Share this page

Last month, developers from numerous OpenPGP-related projects came together at Proton’s headquarters in Geneva to work together and discuss the future of encrypted email using the OpenPGP standard. Proton had offered to host the sixth installment of the (normally) annual summit after the previous meeting in Berlin in 2019. However, that meeting was postponed due to the pandemic. Now, with lockdowns across Europe ending, we could finally come together again.

In attendance were developers from projects such as Thunderbird(new window), Enigmail(new window), and Proton Mail(new window), OpenPGP implementations such as Sequoia-PGP(new window), PGPainless(new window), OpenPGP.js(new window), and GopenPGP(new window), and the German Federal Office for Information Security (BSI)(new window). The topics under discussion ranged from how to add post-quantum cryptography to OpenPGP to improving the usability of encrypted email.

The timing was fortuitous as the OpenPGP standard (RFC 4880) is currently in the last stages of receiving a “crypto refresh”, which modernizes the cryptographic primitives used in the standard, by adding more secure signing and encryption algorithms. The result of this will be published as a new RFC in the coming future. Discussions thus also turned to potential future topics for standardization after that work is done in a possible “re-chartering” of the OpenPGP Working Group.

Potential ideas there included automatic forwarding of incoming emails when the recipient is “out of office” in a secure manner (without needing to share the private key) as well as improving the security and performance of email archival by symmetrically re-encrypting emails for storage. Header protection (e.g., encrypting subjects) and forward secrecy were also discussed, among other topics.

Improving the OpenPGP standard and standardizing these new features are important to ensure continued interoperability between different email providers, even when the emails are encrypted. This is especially relevant in the current discussion surrounding interoperability versus end-to-end encryption: it is possible to achieve both, as the OpenPGP community demonstrates, though doing so requires some dedicated effort. Meetings such as the OpenPGP Email Summit help to facilitate open discussions between stakeholders.

A better internet requires strong, open-source encryption

Proton is a strong advocate for open standards and open-source software. Opening proposals up to peer review improves the quality and security, and meshes well with our background as physicists and scientists. That is also why we have made all Proton apps open source(new window) and have subjected them to numerous third-party audits(new window).

We also maintain the OpenPGP.js(new window) and GopenPGP(new window) open-source encryption libraries. We feel that maintaining these encryption libraries is a critical part of our work to create a better internet where privacy is the default. If strong encryption is interoperable, easy to use, and freely available, it is easier for developers to create more private-by-default apps, which benefits everyone.

All in all, the summit was very useful and productive. It allowed us to make meaningful progress on the previously mentioned topics. Additionally, concrete commitments were made by us and others to work on encrypted email in the interim.

We thank everyone who came to the summit and hope to see everyone again (and others for the first time) at the next one!

Protect your privacy with Proton
Create a free account

Share this page

Daniel Huigens

Daniel is the Cryptography team lead at Proton. He is responsible for the encryption that secures your data and helps maintain Proton's two open-source encryption libraries, OpenPGP.js and GopenPGP. He is also the editor of the Web Cryptography API specification and the co-author of the OpenPGP "crypto refresh" draft standard. Before joining Proton, Daniel created Airborn.io.

Related articles

The last thing you want when showing funny videos or holiday photos on your phone or tablet to friends and family is for them to see your sensitive and private photos. Although there are third-party apps dedicated to hiding your personal photos and
It can be slightly difficult to encrypt a zip file using the tools available on your Windows or Mac. Unlike encrypting a PDF or an Excel file, there’s no standardized software to use. You’ll need to rely on your device’s built-in encryption methods. 
Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed r
At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta
Google has already taken privacy washing to the extreme by trying to brand itself as “privacy focused”, even though its business model is based on surveillance.  Lately, the company’s marketing strategy has turned toward outright Orwellian doublespe