Delta chat to protonmail user

But I replied there!

Autocrypt is a good complement for users who are stuck on non-WKD hosts as long as those hosts support IMAP.
I’m not against Autocrypt. I’ve advocated for it and worked to implement it.

But it’s not a replacement for the real thing. This gets a li’l “let them eat cake”; cake is a nice upgrade on normal bread but if you don’t have normal bread, the icing is gonna be pretty useless.

“How can we make this door open a li’l easier and less creakily? We’ll grease it, that’ll work better.” Autocrypt is like grease (and WKD is a competing-but-not-really-incompatible brand of grease) whereas normal PGP is like the actual door! Greasing the wall won’t let me out!

I’ve never used the QR code thing that you guys have and I never ever will! If I’m seeing someone in real life the last thing I wanna do is schlep out our computers (I probably didn’t even bring mine, I leave it at home).

WKD is way better than Autocrypt (because of mitm + first message problem*) but Autocrypt works more places (since it’s all client side)—but more places doesn’t mean a superset of places since there are places that have WKD but not IMAP. But what’s really a superset of places is vanilla PGP! Users of vanilla PGP can import the WKD keys through wgetting them from .well-known or the Autocrypt keys through viewing the raw email, pasting the headers into an asc file and importing it. Users of vanilla PGP can encrypt to everyone! They have the bread. If they add WKD and Autocrypt, they’ll make their lives even easier and more automatic, and I recommend that and advocate for that, but that’s gravy compared to the actual bread which is PGP.

*: The plain text first message is not a good experience. Thankfully, Delta Chat users can additionally export their key manually (from scraping their own headers in the mail spool if nothing else) and then post it on WKD! Which I did! So I do get the first message encrypted most of the time (from non–Autocrypt users). But then I can’t reply back :sob: and I can’t even see in Delta Chat that they encrypted their message.

The more defensive and grouchy I get around this, I realize that I sound entitled and/or rude and/or toxic. I’m gonna take a li’l break. I know working on Delta Chat is difficult. I respect that. But I did reply to Holger’s post. Not to the weird QR thing because my jam is non–vendor-specific, interoperable email!
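The two manual import paths the post above describes, written out as an added example (not code from the thread or from Delta Chat): pulling the keydata out of an Autocrypt header and re-armoring it into a .asc file that gpg can import, and deriving the WKD direct-method lookup URL for an address. The sample message is constructed and its keydata is a placeholder blob, not a real OpenPGP key.

```python
import base64
import hashlib
import re
from email import message_from_string
from email.policy import default

# Constructed sample message; keydata is a placeholder blob (bytes 0..11), not a real key.
SAMPLE_MAIL = """From: alice@example.org
Autocrypt: addr=alice@example.org; prefer-encrypt=mutual;
 keydata=AAECAwQFBgcICQoL
"""

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet, as used by WKD

def zbase32(data: bytes) -> str:
    """z-base-32 encode, MSB first, tail padded to a 5-bit boundary."""
    nchars = (len(data) * 8 + 4) // 5
    bits = int.from_bytes(data, "big") << (nchars * 5 - len(data) * 8)
    return "".join(ZB32[(bits >> (5 * i)) & 31] for i in reversed(range(nchars)))

def wkd_url(addr: str) -> str:
    """WKD direct-method URL: SHA-1 of the lower-cased local part, z-base-32 encoded."""
    local, domain = addr.rsplit("@", 1)
    hashed = zbase32(hashlib.sha1(local.lower().encode()).digest())
    return f"https://{domain.lower()}/.well-known/openpgpkey/hu/{hashed}?l={local}"

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def autocrypt_keydata(raw_mail: str) -> tuple[str, bytes]:
    """Return (addr, binary key) from the message's Autocrypt header."""
    msg = message_from_string(raw_mail, policy=default)  # default policy unfolds the header
    attrs = dict(kv.strip().split("=", 1) for kv in msg["Autocrypt"].split(";") if "=" in kv)
    return attrs["addr"], base64.b64decode(re.sub(r"\s+", "", attrs["keydata"]))

def armor(keydata: bytes) -> str:
    """Wrap binary key material as an ASCII-armored block for gpg --import."""
    lines = re.findall(r".{1,64}", base64.b64encode(keydata).decode())
    crc = base64.b64encode(crc24(keydata).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + "\n".join(lines)
            + f"\n={crc}\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Writing the output of `armor()` to a file and running `gpg --import` on it is the "paste the headers into an asc file" step; fetching `wkd_url()` with wget is the .well-known step.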

:slight_smile:
“(…)but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned(…)”

Proton’s support doesn’t even use GPG/PGP. :wink: ‘support@protonmail.zendesk.com’

For them PGP is only used for marketing purposes.

Yes, that’s exactly what I said, they can scan it and so can Akamai.

Whereas if I do use PGP, Akamai can’t. (And Proton only can if they’ve managed to steal the privkeys.)

I don’t give two tugs what their “zendesk” #ChangeTheName uses! I don’t use Proton!

Stop your trolling. Hating on Proton, even outright FUD:ing, is :100: fine. This is an encryption forum, tinfoil is great. But using ad-Proton-hominem attacks as a distraction from the real issue, which is PGP key import, that’s what I have no patience for. Solving that issue would incidentally fix interoperability with Proton.


:open_mouth:
Don’t worry, I won’t bother you anymore.

The “weird qr thing” is actually really close to a standard openpgp fingerprint with some extra metadata. interface/uri-schemes.md at master · deltachat/interface · GitHub
Yeah, it is a custom handshake protocol, sure, but we specified it in 2. Securing communications against network adversaries — SecureJoin 0.20.0 documentation and before that in Detecting and preventing active attacks against Autocrypt — Counter Mitm 0.10.0 documentation.
We could also go through the effort of official standardisation, but we are not very fond of bureaucracy, so that’s one of the reasons that we did not do it, yet.

Yeah, for the first message problem WKD would be nice, but I don’t see how it would protect against MITM (in my understanding one of the providers needs to do the MITM attack, or do you have a scenario where there is MITM between providers?).

That sounds bad, where is the point where it is failing? Do they send their own key with their email/reply and DC does not detect it?

Hi Simon. Sorry for me being such a grouch yesterday, I shoulda just logged off.

If people have my key (either from me giving it to them outside of Autocrypt, or from them fishing it out of the Autocrypt headers), they can encrypt to me and Delta Chat will decrypt it for me and display it as if it were plaintext even when it’s actually decrypted. If I then reply to them from Delta Chat, without Delta Chat having imported their key, I’ll send unencrypted plaintext. This unfortunately has happened many times. I need to personally remember and keep track of (in my head) who are sending encryptedly but not Autocrypt, so that I don’t reply to them from Delta Chat. I can reply to people who don’t encrypt at all, or who use Autocrypt, from Delta Chat, but since most people are not on Autocrypt but just send normal PGP mail, I need to reply to them from outside of Delta Chat.

Ok but what could or should DC do in these cases?
AFAIK the lock icon is only shown if the message is encrypted AND signed.
Do they attach their own key in their PGP email?

It used to be the case that Delta Chat showed a lock but that was even worse since that misleadingly implied that my replies to them would be encrypted.

What Delta Chat should do of course is to let me import PGP keys manually outside of Autocrypt! (Then in a later version, maybe even automatically import keys from WKD. The problem is that we can’t send WKD back since we’re a client not a server. I mean I do have a server also and on that I do have WKD.)

(Their messages are signed.)