Hi Everyone,

I'm pleased to announce that we, the Sequoia PGP team, have released
v1.0 of the Octopus. The Octopus is an alternate OpenPGP backend for
Thunderbird 78 based on Sequoia PGP.

https://sequoia-pgp.org

You can find more details in our blog post and README, which also
include installation instructions (for Windows we provide precompiled
binaries).

https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbir…
https://gitlab.com/sequoia-pgp/sequoia-octopus-librnp

The project was started as a simple Thunderbird-specific drop-in
replacement for RNP, which Fedora and RedHat do not want to
distribute, because Botan is not one of the cryptographic backends
that they support.

https://fedoraproject.org/wiki/Fedora_Crypto_Consolidation

In the end, the project grew to also reintroduce many of the features
that we and others miss from Enigmail, in particular, close gpg
integration, web of trust support, and background updates. Along the
way, we also discovered some security flaws, which we found
workarounds for (see below). And Sequoia has several non-functional
advantages. These include:

- Features
  - Integrates GnuPG's keyring.
  - Integrates GnuPG's key validity information ("web of trust")
  - Directly talks to gpg agent (no GPGME required).
  - Updates certificates in the background using something like
    parcimonie.
  - Rejects weak cryptographic primitives.
  - Works around a 20 year old security flaw that Thunderbird
    introduced by rewriting Thunderbird-generated signatures on the
    fly.
- Non-Functional Advantages
  - Unencrypted secret key material is protected in memory (like
    OpenSSH). This frustrates Heartbleed, Spectre, etc.-style
    attacks.
  - Countermeasures for weakness in SHA-1 collision resistance.
    (RNP accepts SHA-1 everywhere. In fact, stock RNP accepts MD5!)
    - Use of a variant of SHA-1 called SHA-1 collision detection, which
      is used by github, for instance.
    - SHA-1 is only accepted in safer contexts.
    - We've published and committed to a SHA-1 deprecation timeline.
    - Signatures include a salt to protect them from some attacks on
      collision resistance (like OpenSSH).
  - Avoids RNP's split brain problem due to its multiple sources of
    truth.
  - Some code (in particular, certificate parsing, which is slow) is
    multithreaded thanks to Rust's safer concurrency primitives.
  - Support for a broad range of OpenPGP certificates.

If you have any questions, feel free to reach out either via email or
on our irc channel (Freenode, #sequoia).

:) Neal