g10 Code - STEED

Usable end-to-end encryption

STEED

Usable end-to-end encryption

End-to-end email encryption is still ignored by almost all users. The mails are left in the clear in the mailboxes of the web mail providers, where they are frequently collected by attackers and lead to an escalation of the attack due to the sensitivity of the mail content. We suggest a new and simplified infrastructure to protect mail that is compatible with OpenPGP and S/MIME and relies on an easy-to-use trust model without a central administration.

The core elements of our proposal are:

automatic key generation
automatic key distribution and retrieval (through DNS)
opportunistic encryption (always encrypt if possible)
trust upon first contact

Please read our white paper STEED — Usable End-to-End Encryption.

To read comments on this project, you may want to look into the archives of the gnupg-users mailing list.

Resources

The paper: STEED — Usable End-to-End Encryption.
A flyer with the basic facts: Flyer
Discussion mailing list: gnupg-devel
LWN article
Slides from the FSCONS 2011 talk and slightly extended slides from the GUUG FFG 2012 presentation.
A description of Steed’s faked root (this links to an IPv6 only server).
An article in the c't magazine 20/2012 (German, payment required)

Upcoming events

None as of now.

Past events

2012-07-10: The planned presentation of the project at the RMLL in Geneva had to be canceled for private reasons.
2012-03-02: The project was presented at the GUUG FFG 2012 in Munich.
2011-11-16: The project was explained at the GUUG Regionaltreffen West in Cologne.
2011-11-13: Werner Koch gave a talk on the project at FSCONS 2011.
2011-10-17: First version of the STEED paper published.
2011-07-12: First project ideas were explained at the 2011 RMLL conference in a keynote by Marcus Brinkmann.

Table of Contents

Usable end-to-end encryption

Resources

Upcoming events

Past events

Links