NGI webinar on future of OpenPGP
State-of-the-art work on chains of trust
This free online event on November 23 from 10 to 11:30 CET organized by NGI Assure went into the future of OpenPGP encryption. Researchers and developers funded by different NGI programmes discussed their work on PGP-related technology and how to advance the state of art in decentralized trust.
Despite the rise of mobile messengers and chat apps, email continues to be an integral communication channel on the internet. But like core internet technologies, email was not designed with privacy and security in mind. To combat growing problems like phishing, spam and surveillance, various methods of encryption provide confidentiality, authentication and integrity of data. OpenPGP is a widely used email encryption standard (defined by the Internet Engineering Task Force in RFC 4880) derived from Phil Zimmermann's PGP. Implementations of OpenPGP are used for a wide range of purposes, to sign, encrypt and decrypt texts, emails, files, directories and disks. OpenPGP-compatible systems also allow users to create their own 'web of trust', where people accumulate and sign each others keys for trusted communication without a central point of authority.
Decentralized encryption, authentication and integrity checking are important requirements for trustworthy communication and data handling. That is why the Next Generation Internet initiative funds various R&D-projects that advance the state of art in OpenPGP-implementations and chains of trust. In this freely accessible online event OpenPGP-projects funded by NGI Assure and NGI0 PET present and discuss their ongoing work, and think about the future of the technology they contribute to.
Webinar recording and presentation slides
View the online session below, provided by ConfTube, a PeerTube-instance dedicated to conferences and community events content.
Agenda with links to slides and websites
- Neal H. Walfield — An introduction to Sequoia PGP - [slide deck for all Sequoia-projects]
- Wiktor Kwapisiewicz — Add support for trusted platform modules (TPM) to Sequoia PGP
- Heiko Schaefer — Developing and hardening an OpenPGP certificate authority for group trust management
- Lars Wirzenius — Adding and improving command line, programming interface and acceptance test suite to Seqouia PGP
- Justus Winter — Drop-in replacement for widely used encryption software GnuPG (GNU Privacy Guard)
- Uli Fouquet — Add plug & play encryption to customer relationship management system - [slides]
- muppeth — GnuPG-based email encryption for emails at rest
- Yarmo Mackenbach — Decentralized platform to manage online identities verifiably signed with OpenPGP - [slides]
Discussion, questions and answers
To read the discussed questions and shared links, please see the public chat or the shared notes
Interested in OpenPGP, and have concrete ideas to work on the future of OpenPGP — or on another technology that helps provide strong assurances? You might want to have a look at NGI Assure, and apply for the next deadline. The goal of NGI Assure is to support free and open source projects that design and engineer reusable building blocks for the Next Generation Internet as part of a complete, strong chain of assurances for all stakeholders regarding the source and integrity of identities, identifiers, data, cyberphysical systems, service components and processes. After the main discussion, we will tell you how to apply, and answer any questions you may have about eligibility, how the granting procedure works, etcetera.
