The idea of Internet actors (human or machine) owning cryptographic identities in a distributed system is a good one. I don't think we should stray from this approach.
From your Matthew Green link:
> If PGP went away, I estimate it would take the security community less than a year to entirely replace (the key bits of) the standard with something much better and modern. It would have modern crypto and authentication, and maybe even extensions for future post-quantum future security. It would be simple. Many bright new people would get involved to help write the inevitable Rust, Go and Javascript clients and libraries.
Those word were written a little more than a year ago. What if right now is the time to assume that PGP has gone away and start building the next thing?
What alternate projects are people excited about that are solving the problem of distributed cryptographic identity and messaging?
I love their approach, but it is still PGP based. Moreover, it is a bit too centralized.
Thing is, a non-centralized system is really hard to monetize. There might be space for some long-form (as opposed to whatsapp, etc) encrypted messaging. But a solution for portable encrypted files (using either symmetric or asymmetric crypto) is hard to monetize.
Note that, while portable encrypted files could be used for encrypted messaging, the use cases and ergonomics are sufficiently different that a good solution for one will not be a great fit for the other.
There's nothing technically wrong (baring a yet-unrevealed exploit) with PGP itself. This thread's topic was about a weakness in SKS. PGP just suffers from major UX problems, which Keybase has largely addressed.
To use Keybase, one doesn't even need to know what PGP is. It all "just works". I have successfully introduced non-technical people to Keybase and what's more, these people use it actively and appreciate what it can do for them. Can't really say that about PGP.
> Thing is, a non-centralized system is really hard to monetize
Until our government supports such infrastructure, the only solution is trust funds / non-profit organizations which released all of their R&D for free.
It's still too centralized. You and I can't run our own compatible public Keybase servers, or our own private servers. Understandable, as their investors expect them not to give away everything for free.
The client is open source so reverse engineering and improving the server architecture is far from impossible. I think Keybase is making great strides on exploring how we can utilize asymmetric E2E encryption for communication, organization, storage, and everything in between. I think they've made tremendous progress in making E2E cryptography accessible. However we need a 100% FOSS system.
> What alternate projects are people excited about that are solving the problem of distributed cryptographic identity and messaging?
I would argue Matrix is a good contender. The Matrix project is working on secure messaging, and they have a lot of really cool solutions for key distribution and federated communication.
"Distributed cryptographic identity" is a slightly hard concept to pin down. In Matrix this is still an open problem, but that's just for the service which links third-party IDs (phone numbers, email addresses, etc) to Matrix IDs (@cyphar:cyphar.com, for instance). But if the problem is distributing keys, then that is a solvable problem.
But then again, maybe a different solution is needed to fill the PGP niche.
Device cross-signing (from my understanding, the last must-have feature before e2ee is considered ready to be the default) is very close to being merged now that Matrix 1.0 is out. Yes, it took several years to get there, but I think its fair to say that the e2ee design now looks much better than anything else available (and had to solve many more technical problems than [for instance] Signal, due to the needs of federation).
> poorly supported
There are many unmaintained Matrix clients (this is what the top comment of your link points out). Personally I'd prefer if they stopped advertising them on matrix.org, because all of the newer clients either do or will support e2ee.
> hamstrung by its overzealous cheering section
Given that it seems to be the only project that provides modern e2ee in a way where your data is actually controlled by you without a central authority, I'm surprised that so few people are cheering them on.
well, it's true - if you run a daemon like pantalaimon, even one-liner Matrix requests via curl can speak full E2EE. So arguably the older clients now support E2EE too :)
> Given that it seems to be the only project that provides modern e2ee in a way where your data is actually controlled by you without a central authority, ...
(Matrix project lead here.) The linked reddit post is 10 months old, and even then was riddled with bugs (it ignored or declared 'unclear' for some of clients which had E2E, and included loads of random alpha ones to make the situation seem way worse than it was). The topmost reply on that post tried to correct it at the time, but seems like people don't read the replies.
The current situation is that the following clients in Matrix have full E2E support:
* Riot/Web (JS) (aka Riot/Desktop)
* Riot/iOS (ObjC)
* Riot/Android (Java)
* RiotX/Android (Kotlin)
* Weechat (Python)
* Pantalaimon (Python)
* Seaglass (ObjC on macOS)
* Nheko (Qt) (other than file transfer)
Meanwhile, Quaternion (Qt) is currently getting support via GSoC 2019, and the purple-matrix plugin has working (albeit read-only) E2E support. I believe Pattle (pattle.im) is working on E2EE too. And the matrix-python-sdk (not an app) got support via GSoC 2018.
It's true that there are over 100 other Matrix clients out there which don't speak E2EE natively, but that's because "a matrix client" can be as simple as a curl one-liner, and so there are tonnes of experimental and toy and alpha ones as well as the more mature ones which you could use to pad out a list to make native E2EE support look bad.
However, and most importantly, Pantalaimon (https://github.com/matrix-org/pantalaimon) makes any Matrix client (including all the ones in that FUDdy Reddit post) speak full E2EE - by running as a clientside daemon which acts as a friendly MITM for your Matrix traffic and offloads all the hard E2E encryption (and E2E indexing and search, and in future multiplexing multiple local Matrix apps onto one connection to your server - thus acting almost as a general comms daemon which can even be used as a self-sovereign encrypted push service).
That said, I agree that sometimes the enthusiasm of the Matrix community can be overzealous. For instance, there are some bits which we haven't solved yet, for instance:
* Cross-signing keys for one-hop web-of-trust is 1-2 weeks away from landing. It's implemented in Synapse and matrix-js-sdk, but we're in the middle of adding it into the UI for Riot/Web currently. You can see demos at the SDK level at https://matrix.org/blog/2019/06/14/this-week-in-matrix-2019-... if interested. We also need to figure out how to use cross-signing for limited transitive web-of-trust (e.g. within an closed organisation where WOT metadata leakage isn't a concern)
* We don't turn on E2E by default yet for private chats. This is because we want cross-signing to land first, for usability, and also because we don't want to lock out non-E2E-capable clients, and pantalaimon is only a few weeks old. We also want to better solve e2e-search first (by taking the tantivy-powered FTS indexer from pantalaimon and putting it into Riot). Also, we are still chasing down a few edge cases where session keys aren't available - see https://www.youtube.com/watch?v=WgikPxIjsWE for our approach to that, and https://github.com/vector-im/riot-web/issues/6779 for the overall bug.
* We don't have any equivalent of key-servers at all yet.
So yeah, we definitely don't claim to be perfect, but please don't disregard our progress thanks to a confused/malicious Reddit article.
Sovrin[1] seems pretty interesting to me for distributed/decentralized identity. They use a distributed ledger for identity and allow for piecemeal disclosure of identity data. So by default the identity data isn’t public.
The idea expressed in that quote is utter nonsense. If it's so easy to "entirely replace (the key bits of) the standard with something much better and modern", then go build it! Talk is cheap.
If people aren't adopting an objectively superior solution that currently exists and addresses all of the current use cases, that's an entirely different issue. I doubt that's the case here though.
I think (one of) the issues is that no one has yet managed to clearly define a set of goals that satisfy all current use cases while also addressing concerns about centralization, interoperability, and ease of implementation.
From your Matthew Green link:
> If PGP went away, I estimate it would take the security community less than a year to entirely replace (the key bits of) the standard with something much better and modern. It would have modern crypto and authentication, and maybe even extensions for future post-quantum future security. It would be simple. Many bright new people would get involved to help write the inevitable Rust, Go and Javascript clients and libraries.
Those word were written a little more than a year ago. What if right now is the time to assume that PGP has gone away and start building the next thing?
What alternate projects are people excited about that are solving the problem of distributed cryptographic identity and messaging?