Install party to set up #DeltaChat servers, created several local test servers, and promoted it.
-
@delta I'm a decently-informed-but-ultimately-casual observer in the security parts, but the name "forward secrecy" makes more sense to me for what it defines: "secrecy" of the message after it's "forwarded" (sent anywhere else in addition to its destinations — which would include things like wiretapping and late retrieval, which aren't typically seen as forms of forwarding). It makes sense to me mechanically.
I'm not on board with "reliable deletion" because information cannot be reliably deleted without direct control over every single device involved. What you're doing in ACv2 is preserving *secrecy* — rendering retrieval of older messages useless. I can understand how it can be seen as a form of deletion from a user's perspective and making sense to the user is a fair rationale. I just have doubts this choice of words is going to be any easier to explain.
I was explaining the same phenomenon wrt. post deletions on Fediverse literally yesterday
@dside the term https://en.wikipedia.org/wiki/Forward_secrecy is unrelated to the concept of "forwarding a message".
It's a very technical term that clearly has gotten popularized. However, its precise meaning is subtle and not intuitively understood, even as the term is widely recognized as some kind of desirable property.
-
@dside @delta @qyahxm Here by reliable deletion they mean that encrypted copies can not be later used to get the original message. Do see the interesting talk where they discuss this (and also say the same thing about control of other devices): https://autocrypt2.org/#/
The only thing I think is saddening is that some people think that "reliable deletion" *should* include some guarantees of plaintext and key removal by all parties. No, it's still useful without that guarantee. And ideally we should have a toggle in the app that actually turns off the behavior of deletion of plaintext. Maybe then people will stop assuming this can't be done.@lyyn that's just what the words mean in the general sense. Redefining them only makes it harder to communicate with wider audiences, which I take it was the rationale behind inventing a new term for this.
I've had a funny conversation from an opposite perspective with a guy from Vivaldi (the browser) last year who was very adamant about asserting their data collection is okay because it's not telemetry as it's known in the professional setting and utterly refused to even consider what their browser is even being accused of – to even begin explaining why accusations don't hold water, which he never got to. In doing so he sounded incredibly dodgy seemingly without realizing it (or knowing full well the accusations are valid, who can tell).
I understand that @delta is probably tired of explaining that FS isn't that big a deal by now… but gaining what is probably the closest thing to FS within the confines of mailing protocols – isn't that a win that can be celebrated?
-
@dside the term https://en.wikipedia.org/wiki/Forward_secrecy is unrelated to the concept of "forwarding a message".
It's a very technical term that clearly has gotten popularized. However, its precise meaning is subtle and not intuitively understood, even as the term is widely recognized as some kind of desirable property.
@hko ...no?
The author might not have meant it to be related in this way, but there is a sensible explanation for the etymology which I just provided. Honestly, I have no clue if it's a popular interpretation. I assume that it probably isn't.
So the idea behind the new term is to escape the existing association as something desirable by stopping the use of it altogether, which'll look to the public eye as the admission of not having it?
It's… a plan, I guess. It might backfire IMO, but I assume you looked into it much deeper than I did. -
@hko ...no?
The author might not have meant it to be related in this way, but there is a sensible explanation for the etymology which I just provided. Honestly, I have no clue if it's a popular interpretation. I assume that it probably isn't.
So the idea behind the new term is to escape the existing association as something desirable by stopping the use of it altogether, which'll look to the public eye as the admission of not having it?
It's… a plan, I guess. It might backfire IMO, but I assume you looked into it much deeper than I did.@dside @hko @lyyn thanks for your friendly communication! the people behind https://autocrypt2.org think it's worthwhile to clarify what cryptographic properties are about. Forward secrecy is about messages that you delete on your chat device become unrecoverable to a server attacker. Nothing more, nothing less. "Reliable Deletion" expresses this cryptographic property much more directly. Using more magic terms makes it too easy to feel falsely secure, or unnecessarily alarmed these days.
-
Install party to set up #DeltaChat servers, created several local test servers, and promoted it.
This was our community's final in-person gathering of the year for free software enthusiasts, held privately.
We designated the year 1404 (in the Persian calendar) as the year for promoting free software culture.Based on this, we organized various events and conferences to introduce this culture, and similarly pursued diverse promotional approaches to amplify the voice of free software.
The adoption of free software has had positive impacts in Iran.
Now, with a record of 500 active Delta Chat servers during Iran's internet blackout period, we made an effort to hold this final gathering.We have named the new year as the year for promoting decentralized #free_software tools and will continue to pursue it.
May the new year in a free Iran allow us to both host events introducing books like #Ada and #Zangemann, and promote free, decentralized tools.
@abbas_dp Great initiative! And thank you for mentioning "Ada & Zangemann" ...didn't knew it before!
https://ada-zangemann.forge.apps.education.fr/livre/en/index_en.html
-
@dside @hko @lyyn thanks for your friendly communication! the people behind https://autocrypt2.org think it's worthwhile to clarify what cryptographic properties are about. Forward secrecy is about messages that you delete on your chat device become unrecoverable to a server attacker. Nothing more, nothing less. "Reliable Deletion" expresses this cryptographic property much more directly. Using more magic terms makes it too easy to feel falsely secure, or unnecessarily alarmed these days.
@delta yeah, I caught that bit of the intention. The goal is understandable. I'm just not sure the solution will work towards it.
I disagree with this being a more direct expression (admittedly, with my atypically wide interpretation of "forwarding") of what it's trying to say and it's most certainly at a massive disadvantage in adoption. The adoption of a new term for an existing concept is an uphill battle against an entrenched bit of natural language, so to speak. My concern is that it might end up causing more trouble than it's worth.
I'll refrain from commenting further until I actually watch the FOSDEM talk on AC2. Good news: for all the hosting providers Russia has been banning en masse lately autocrypt2's website is perfectly accessible at this time
-
@delta yeah, I caught that bit of the intention. The goal is understandable. I'm just not sure the solution will work towards it.
I disagree with this being a more direct expression (admittedly, with my atypically wide interpretation of "forwarding") of what it's trying to say and it's most certainly at a massive disadvantage in adoption. The adoption of a new term for an existing concept is an uphill battle against an entrenched bit of natural language, so to speak. My concern is that it might end up causing more trouble than it's worth.
I'll refrain from commenting further until I actually watch the FOSDEM talk on AC2. Good news: for all the hosting providers Russia has been banning en masse lately autocrypt2's website is perfectly accessible at this time
@delta @dside it's entirely possible to introduce and center a new term (like "reliable deletion") while also mentioning its relation to a preexisting term such as "forward secrecy".
I see no strong need to avoid new terminology, if the old terminology is clearly not serving its communicative purpose.
-
@delta @dside it's entirely possible to introduce and center a new term (like "reliable deletion") while also mentioning its relation to a preexisting term such as "forward secrecy".
I see no strong need to avoid new terminology, if the old terminology is clearly not serving its communicative purpose.
@hko I guess that's where the crux of our disagreement is. "Forward secrecy" serves its communicative purpose just fine for me, I explain above how. But I'm one random guy out on the internets so this is anecdotal evidence at best. Not very reliable, that is.
Popularizing a new term for an existing concept is certainly possible, but difficult. Costly in terms of time and effort. I'm not sure it's worth for @delta to fight that fight. But that's their choice.
-
@dside @hko @lyyn thanks for your friendly communication! the people behind https://autocrypt2.org think it's worthwhile to clarify what cryptographic properties are about. Forward secrecy is about messages that you delete on your chat device become unrecoverable to a server attacker. Nothing more, nothing less. "Reliable Deletion" expresses this cryptographic property much more directly. Using more magic terms makes it too easy to feel falsely secure, or unnecessarily alarmed these days.
-
Install party to set up #DeltaChat servers, created several local test servers, and promoted it.
This was our community's final in-person gathering of the year for free software enthusiasts, held privately.
We designated the year 1404 (in the Persian calendar) as the year for promoting free software culture.Based on this, we organized various events and conferences to introduce this culture, and similarly pursued diverse promotional approaches to amplify the voice of free software.
The adoption of free software has had positive impacts in Iran.
Now, with a record of 500 active Delta Chat servers during Iran's internet blackout period, we made an effort to hold this final gathering.We have named the new year as the year for promoting decentralized #free_software tools and will continue to pursue it.
May the new year in a free Iran allow us to both host events introducing books like #Ada and #Zangemann, and promote free, decentralized tools.
@abbas_dp
Since DeltaChat uses mail infrastructure, what is the difference between a DeltaChat server and an ordinary mail server?Can you explain that?
-
J jowek@autonomous.zone shared this topic
