CCCamp19 and further EFail mitigations

Posted by Bjarni Rúnar on 31 August, 2019

Hello world!

As I write this, I have mostly recovered from the amazing Chaos Communication Camp in Germany. I attended the camp mostly as a holiday, but there were of course quite a few Mailpile related discussions.

The most interesting of those related to EFail. I spent a couple of afternoons sitting in the shade with researchers and developers who work on OpenPGP related things. We discussed EFail.

For those of you who haven't heard of EFail, it was one of the most serious vulnerabilities the OpenPGP community has ever had to deal with: by combining flaws in e-mail clients with flaws in legacy PGP (and S/MIME) implementations, EFail described multiple ways an attacker could turn a vulnerable e-mail client into a decryption oracle and steal the cleartext of previously secured communications. Cryptosystem flaws don't get much worse than that.

This was such a serious issue that the EFF recommended people disable PGP entirely, at least for a little while. This triggered a rather emotional backlash from the PGP community, and unfortunately a lot of misinformation and misunderstandings were published, some of which still have not been corrected.

As a community, we're still coming to terms with some of the implications. Those of us who aren't in denial (which is disturbingly common) are still mulling over ways to secure our tools and defend against similar flaws in the future.

I have written before about Mailpile and EFail: there were a few issues that needed fixing, but overall Mailpile weathered EFail relatively well. Exfiltrating cleartext from Mailpile was possible, but it was not fully automated and required social engineering.

The social engineering aspects are still quite serious, and some are easier to exploit than others. The most trivial EFail exploit is to send someone a message they're likely to reply to, with the ciphertext you want to exfiltrate appended to the end after a long boring boilerplate signature or quoted message. If the mail client decrypts, and the recipient replies without reading and pruning their response... hey presto, you've exfiltrated the secret message.

One of the outcomes of these discussions at camp was a set of concrete recommendations on how Mailpile could make such social engineering less likely to succeed. The guiding principle I ended up with was:

If the user is probably not going to see the content, do not decrypt.

On the plane home from Germany, I implemented this strategy. So for the first time, Mailpile will deliberately decline to decrypt parts of incoming e-mail, if the message structure is such that it might provide cover for EFail social engineering attacks.
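To make the principle concrete, here is an added example of a decryption policy written for this post; it is not Mailpile's own code (that is in the project's repository) and it does not use Mailpile's internal APIs. It works on the text body of an incoming message containing inline PGP blocks and declines to decrypt any block that sits below a signature separator, below a run of quoted text, or deep in the body, i.e. in exactly the positions the post describes as cover for a reply-based exfiltration. The thresholds, the "-- " / "--" separator heuristic, the notice text and the sample message are all assumptions constructed for the example, as is the decrypt callback (stubbed in the usage at the bottom).

```python
PGP_BEGIN = "-----BEGIN PGP MESSAGE-----"
PGP_END = "-----END PGP MESSAGE-----"

# Thresholds are assumptions chosen for this example, not Mailpile's settings.
MAX_QUOTED_LINES = 3     # a block below this much quoted text is probably unseen
MAX_PREAMBLE_LINES = 25  # a block starting deeper than this is probably unseen


def find_pgp_blocks(lines):
    """Return (start, end) line-index pairs for every inline PGP block.
    An unterminated block runs to the last line."""
    blocks = []
    i = 0
    while i < len(lines):
        if lines[i].startswith(PGP_BEGIN):
            j = i
            while j < len(lines) - 1 and not lines[j].startswith(PGP_END):
                j += 1
            blocks.append((i, j))
            i = j + 1
        else:
            i += 1
    return blocks


def classify_pgp_blocks(body):
    """Return [(policy, reason, start, end), ...] for each inline PGP block.

    policy is "decrypt" when the block sits where the reader will likely see it
    and "skip" when the surrounding structure (a signature separator, a run of
    quoted text, or a long preamble) suggests the user would reply without
    noticing that decrypted cleartext is being echoed back."""
    lines = body.splitlines()
    results = []
    for start, end in find_pgp_blocks(lines):
        preamble = lines[:start]
        # RFC 3676 signature separator is "-- "; some clients strip the space
        # (assumption: treat both spellings as a separator).
        after_signature = any(l.rstrip() == "--" for l in preamble)
        quoted = sum(1 for l in preamble if l.startswith(">"))
        if after_signature:
            results.append(("skip", "after signature separator", start, end))
        elif quoted > MAX_QUOTED_LINES:
            results.append(("skip", "after quoted text", start, end))
        elif start > MAX_PREAMBLE_LINES:
            results.append(("skip", "deep in message body", start, end))
        else:
            results.append(("decrypt", "likely visible", start, end))
    return results


def apply_policy(body, decrypt):
    """Rebuild the body: blocks the policy allows are passed to decrypt(text),
    the others are replaced by a visible notice so the user can still choose to
    open them explicitly. decrypt is the caller's real routine (stubbed below)."""
    lines = body.splitlines()
    out, pos = [], 0
    for policy, reason, start, end in classify_pgp_blocks(body):
        out.extend(lines[pos:start])
        if policy == "decrypt":
            out.append(decrypt("\n".join(lines[start:end + 1])))
        else:
            out.append("[Encrypted block not decrypted (%s); open it explicitly to read it]" % reason)
        pos = end + 1
    out.extend(lines[pos:])
    return "\n".join(out)


# Constructed sample (not a real message): a legitimate encrypted note at the
# top, plus a second block buried under a long boilerplate signature, which is
# the structure the post describes as cover for social engineering.
SAMPLE = "\n".join([
    "Hi, here is the note you asked for:",
    "",
    PGP_BEGIN,
    "hQEMA...legitimate-ciphertext...",
    PGP_END,
    "",
    "Cheers,",
    "-- ",
    "Legal notice: this e-mail and any attachments are confidential and ...",
    "",
    PGP_BEGIN,
    "hQEMA...appended-ciphertext...",
    PGP_END,
])

if __name__ == "__main__":
    for policy, reason, start, end in classify_pgp_blocks(SAMPLE):
        print("lines %d-%d: %s (%s)" % (start, end, policy, reason))
    print(apply_policy(SAMPLE, lambda block: "<decrypted: %d bytes>" % len(block)))
```

The important design choice is that a skipped block is replaced by a notice rather than silently dropped: the user still learns that encrypted content is present and can open it deliberately, so the policy costs one click in the rare legitimate case and removes the "decrypt everything, reply without looking" path in the common one.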

The change wasn't huge, but the security impact is significant. We welcome any and all feedback: the code is here. This patch is already in the nightly packages and will hit the release branch next time I update it - which should be soon, we've got quite a few important fixes queued up by now.

Many thanks to Sebastian and Vincent for helping me figure out how to improve Mailpile on this front. And thanks to CCC for providing venues for these conversations to take place.

Please feel free to discuss this post in our Community Forum.

Burned Out and Happy?

Posted by Bjarni Rúnar on 6 April, 2019

Dear Mailpile Users and Backers,

I just wanted to post a short note, to explain why development has been so slow for the last year - or longer. The long and the short of it is, I'm burned out, and this has been the case for quite some time.

I care deeply about this project, but it really is too big for one person and I haven't successfully built a team to support me. That's not to discount the contributions and efforts of our community, but at the end of the day I've been the one responsible for keeping the ball rolling. I review the pull requests, I respond to issues, I file the tax returns, I try to spend your donations wisely... and I write most of the code. Doing this well is a lot of work!

This responsibility, combined with frustration over how slow progress has been, has really worn me down. When I'm feeling down, I'm not very productive, leading to a vicious cycle of feeling bad about the lack of progress and then becoming incapable of making progress as a result.

It's not good.

It took me a while to realize what was going on, to realize I was burned out.

There is also a money dimension here; although I cannot say thank you enough for all the donations and support from our community, the fact is that Mailpile has not been able to pay me a decent wage for my work, ever. I know my value on the job market, and I've been underpaid since day one. That was my choice and I don't regret it; but it's still become harder and harder for me to justify. I have a family now and I've drained most of my savings trying to get 1.0 out the door.

So, I'm giving myself a break and focusing on other things for a while.

I've gotten a (part-time) job working with the fine folks at ISNIC, I'm working out regularly at the pool and I'm spending more time with friends and family. Life is good!

Now that I've accepted and embraced my burnout, I'm actually feeling pretty happy. Identifying a problem is the first step towards a resolution, and I'm already well on my way with steps two and three.

So to be 100% clear: Mailpile is not dead!

Far from it, I'm way too proud of this app to just walk away and let it die. But for now, Mailpile has been demoted to a part time job at most, and a beloved hobby at worst. Considering how unproductive I had become, you may not even notice any difference...

Finally, if reading this gives you the urge to help out, here are a few things you can do for me and for Mailpile:

Use Mailpile! It's not perfect, but it's pretty great.

Tweet or toot what you like about it... I'm listening!

Help make our Community Discourse a useful, welcoming place.

Donate: As always, I'll do my best to spend it wisely.

Thanks for reading!

-- Bjarni

Community Discourse: Launched!

Posted by Bjarni Rúnar on 15 February, 2019

Hello Mailpile world!

We have launched a new site for community discussions about Mailpile: community.mailpile.is

The site runs the excellent Discourse software, which means it's primarily an accessible web-based discussion forum, but it can also be used as a mailing list for those who prefer such things. Our Discourse was set up by a kind member of our community, Greg Sutcliffe. Thanks Greg! And thanks Ásta for helping me launch the site properly.

The purpose of the site is to give people a searchable, "on the record" venue to discuss Mailpile, provide feedback, exchange tips and tricks - and get support. The forum is brand new and pretty empty at the moment, so please feel free to post something and start a conversation!

For more ephemeral discussions, we still have #mailpile on Freenode, and for bug reports we have GitHub Issues. The Community site is for everything else.

Including discussions about our blog posts!

Progress Report: events, packages, 1.0

Posted by Bjarni Rúnar on 27 October, 2018

Hello world! How are you?

I'm writing this, sitting on a bus in Luxembourg, realizing that we have been very quiet for quite some time. Our last posts were in May, first a report on the results of our first round of desktop package usability testing, quickly followed by a statement on how the EFail flaw impacted Mailpile.

Since then we may have been quiet, but we have not been idle:

Many, many bugs have been found and fixed

The first round of our desktop packaging project is complete, we have packages and very basic desktop integration for both Windows and the Mac

Mailpile's multi-user Apache integration (Multipile) has been simplified and reworked

Mailpile's internal (in-memory) master security key is now protected against memory corruption

Mailpile is now compatible with Autocrypt Level 1, but not yet fully compliant

I attended the OpenPGP e-mail summit in Brussels

I would like to publicly thank Alex and Pétur for their hard work on the Mailpile Desktop packages, and in particular for how they took delays and slow responses from my end graciously and in stride.

Read on to learn a bit more about the OpenPGP E-mail Summit, our CCC plans, the state of the desktop packaging work, and of course the elusive 1.0 release.

The OpenPGP Summit and 35c3

Last weekend I visited the Mailfence office in Brussels, to attend the annual OpenPGP E-mail Summit.

The OpenPGP E-mail Summit is one of my favourite community events. Just two days long, it is an informal event focused on getting people from the world of e-mail encryption to exchange knowledge and collaborate.

This year there were (by my rough guesstimate) about 50 people from over 20 projects present, including Phil Zimmermann himself, the creator of PGP. I was very happy to meet him and shake his hand. We ended up having about 20 different sessions, discussing topics ranging from key server management, to user interfaces, to updating the OpenPGP standard itself.

Notes from all the sessions have been published.

There was also a dinner and plenty of socializing, the value of which is not to be understated. Meeting people face-to-face almost always makes collaboration online easier and more productive.

For Mailpile, the main outcomes of the summit were the following:

There seems to be potential for partnerships with 2-3 other businesses in the OpenPGP space, which we look forward to exploring further.

The Web Key Directory specification is still evolving in ways which may require we re-evaluate how we use it in Mailpile.

Mailpile will aim for Autocrypt Level 1 compliance, soon! Our aim is to get a member of the community to review and confirm our implementation at the 35c3 conference. We have a volunteer to perform the review.

I have a voucher and will be representing Mailpile at 35c3. Come say hi!

It was a productive weekend!

When will Mac and Windows packages be available?

If you've e-mailed me asking this question, my apologies for not answering. I haven't replied, because I don't know! If I did, our download page would just say so.

There are three main tasks we need to complete before we make the desktop packages available to the wider Internet:

A short private beta, to reassure ourselves the packages don't have any blindingly obvious bugs.

Launch a Discourse forum, so our users have a venue to help each other out.

Finish our "build robot" so packaging becomes an automated process without any human bottlenecks.

I am not going to commit to a time-line for getting this done, but this work is all in progress and won't take forever. This year? This year.

It's worth mentioning that some important tasks have been postponed and will not be blocking the availability of packages - so these packages will not be "Mailpile 1.0". But they're close.

So, what about Mailpile 1.0?

Our current release is 1.0.0rc4, tagged and pushed earlier today.

At times it feels like we're chasing the tortoise from one of Zeno's paradoxes, always getting closer but never able to catch up. For every issue we close, others are opened...

But in spite of that, my to-do list for the elusive "Mailpile 1.0" release really is starting to get shorter and the issues that remain are not as complex as the ones we've resolved. I've updated the GitHub Milestone to reflect the current priority issues. It's not a long list, mostly relatively minor bugfixes.

The two big items left on my 1.0 roadmap are:

Fully implement Autocrypt Level 1

Implement easy remote access (PageKite and Tor Hidden Services)

The former is necessary for an interoperable and complete implementation of "PGP for everyone", and the latter is needed so people can access their Mailpiles remotely - in particular to access their Mailpile from their smart-phones.

Again, I'm not going to make any promises about when these will get done.

But this mini roadmap is still worth sharing, because if you liked the vision behind Mailpile and those two issues aren't critical for your use-case... then maybe Mailpile is already ready for you. Maybe!

One-point-oh is an important label, but it's not everything.

Mailpile is already a great e-mail client. Give it a try!
