#+TITLE:     GnuPG: Past, Present, and Future
#+Author:    Werner Koch
#+EMAIL:     wk@gnupg.org
#+DATE:      DebConf15 --- Heidelberg\newline{} August 16, 2015
#+LANGUAGE:  en
#+OPTIONS:   H:2 num:t toc:nil \n:nil @:t ::t |:t ^:{} -:t f:t *:t <:t
#+OPTIONS:   TeX:t LaTeX:nil skip:nil d:nil todo:t pri:nil tags:not-in-toc
#+STARTUP: beamer
#+LATEX_CLASS: beamer
#+LATEX_CLASS_OPTIONS: [presentation]
#+BEAMER_THEME: Singapore
#+BEAMER_HEADER: \usepackage{pgfplots}
#+BEAMER_HEADER: \pgfplotsset{compat=1.11}
#+BEAMER_HEADER: \usepackage{tikz}
#+BEAMER_HEADER: \usetikzlibrary{shapes}
#+BEAMER_HEADER: \usetikzlibrary{positioning}
#+BEAMER_HEADER: \logo{\includegraphics[height=5mm]{gnupg-logo-tr.png}}
#+COLUMNS: %45ITEM %10BEAMER_ENV(Env) %2BEAMER_ACT(Act) %4BEAMER_COL(Col) %8BEAMER_OPT(Opt)

#+begin_beamer
\setbeamercovered{transparent}
\setbeamertemplate{itemize item}[triangle]
\setbeamertemplate{itemize subitem}[ball]

% Support newlines (via \\) in a tabular cell.  The first parameter is
% how to horizontally align the text (e.g., l, r, or c).  The next
% parameter is the text to typeset.  The optional parameter specifies
% how to vertically align the cell *within* the box (either t, b, or
% c).  Note this vertical alignment does not set the baseline.
% [[http://tex.stackexchange.com/questions/2441/how-to-add-a-forced-line-break-inside-a-table-cell]]
% http://tex.stackexchange.com/questions/23521/tabular-vertical-alignment-to-top
\newcommand{\breakablecell}[3][c]{%
  \begin{tabular}[#1]{@{}#2@{}}%
  \def\valignment{#1}%
  \def\defaultalignment{}% Equivalent to c.
  \def\topalignment{t}%
  \def\bottomalignment{b}%
  \def\centeralignment{c}%
  \ifx\valignment\defaultalignment%
  \else%
    \ifx\valignment\centeralignment%
    \else%
      \ifx\valignment\bottomalignment%
        \vtop\bgroup\null\hbox\bgroup%
      \else%
        \ifx\valignment\topalignment%
          \errmessage{Error: t is unimplemented.}%
        \else%
          \errmessage{Error: Invalid vertical alignment #1}%
        \fi%
      \fi%
    \fi%
  \fi%
  #3%
  \ifx\valignment\defaultalignment%
  \else%
    \ifx\valignment\centeralignment%
    \else%
      \egroup\egroup%
    \fi%
  \fi%
  \end{tabular}%
}

\tikzset{a/.style={thin,circle,draw=black,minimum
                   size=1.5cm,font={\scriptsize}}}
\tikzset{b/.style={a,fill=blue!40}}
\tikzset{c/.style={a,fill=green!40}}
\tikzset{bc/.style={a,circle split, shade, shading=axis, shading angle=0,
                   left color=green!40, right color=blue!40}}



\def\alerton[#1]#2{\alt<#1>{\alert{#2}}{#2}}
\AtBeginSection[]
  {
     \begin{frame}<beamer>
     \frametitle{Outline}
     \tableofcontents[currentsection,hideothersubsections]
     \end{frame}
  }
#+end_beamer
#+MACRO: alerton  @@beamer:\begin{alertenv}<$1>@@
#+MACRO: alertend @@beamer:\end{alertenv}@@

* Past
** PGP-2 and the year was 1991

 - First publicly available crypto tool by Phil Zimmermann.
 - @@beamer:<2->@@ Heavily improved by Branko Lankester, Colin Plumb,
   Derek Atkins, Hal Finney, Peter Gutmann, et al.


 - @@beamer:<3->@@ Problem 1: RSA patent
 - @@beamer:<4->@@ Problem 2: IDEA patent
 - @@beamer:<5->@@ Problem 3: Export restrictions

** PGP-5 and OpenPGP
# Only a quick run through.

 - 1996: PGP Inc founded
 - Spring 1997: DH patent expired, PGP-5 released
 - Autumn 1997: OpenPGP WG chartered
 - Spring 1998: PGP Inc bought by NAI (ceased support in 2002)
 - Autumn 1998: RFC-2440 published
 - Autumn 2007: RFC-4880 published

** IN Kongreß 1997

#+begin_center
#+BEAMER:\vspace{-5mm}
#+BEAMER:\includegraphics[width=0.7\textwidth]{in-kongress-97.pdf}
#+end_center

** g10 / GnuPG
***                                                                 :B_quote:
    :PROPERTIES:
    :BEAMER_env: quote
    :BEAMER_ACT: <2->
    :END:
“The privacy of correspondence, posts and telecommunications shall be
inviolable.  Restrictions may be ordered only pursuant to a law.”

***                                                                 :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:

 - @@beamer:<1->@@ PGP-5 was non-free
    - even PGP-2 not DFSG compatible
 - @@beamer:<2->@@ December 1997: @@beamer:\alerton[2]{g10}@@ as free
   PGP-2 replacement
   - No patented algorithms
   - Designed as Unix tool
 - @@beamer:<3->@@ Spring 1998: Name now GnuPG, protocol now OpenPGP.

** Algorithm selection

 - Initial version
   - Elgamal simply replaced RSA (sign+encrypt)
   - Blowfish as symmetric cipher
   - IDEA as plugin for PGP-2 compatibility in some countries.

 - OpenPGP introduced subkeys
   - DSA for signatures, Elgamal for encryption.
   - 3DES and CAST5 for symmetric cipher.
   - RSA added in September 2000

#+beamer:\pause
 - GnuPG and PGP-{5,6,7}
   - Worked with Hal Finney and Jon Callas
   - Informal interop testing
   - Testing of new features


** GnuPG-2

 - @@beamer:<1->@@ g10^{code} founded in 2001
 - @@beamer:<2->@@ Bid accepted to implement S/MIME
 - @@beamer:<3->@@ \ldots birth of GnuPG-2 (2003)
   - modularized
   - separated crypto library
   - library (gpgme)

** GnuPG in Debian

***                                                                 :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
\scriptsize
#+begin_example
g10 (0.2.7-1) unstable; urgency=low

  * Initial release.

 -- James Troup <jjtroup@...>  Fri, 20 Feb 1998
#+end_example

***                                                                 :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:
 - @@beamer:<2->@@ =gpgv= written in 2000 to prepare for signed packages
 - @@beamer:<3->@@ 4 years later integrated into =apt=
 - @@beamer:<4->@@ GnuPG-2 packaged in 2004

** Port to Windows

 - @@beamer:<1->@@Experimental port to Windows in 1998

 - @@beamer:<2->@@Final port to Windows in 2000
   - Thanks to grant from the German government

 - @@beamer:<3->@@Gpg4win published in 2006

 - @@beamer:<4->@@GnuPG-2 was not designed to be ported
    - \ldots but we did it anyway

 - @@beamer:<5->@@ Surprising number of Gpg4win users

* Present
** Branches

 - @@beamer:<1->@@ Version 2.1 (“@@beamer:\alerton[1]{modern}@@”)
   - Released November 2014
   - Fixing remaining bugs
   - Adding last features
   - In experimental

 - @@beamer:<2->@@ Version 2.0 (“@@beamer:\alerton[2]{stable}@@”)
   - Just maintained.
   - Minor changes to help migration to 2.1.

 - @@beamer:<3->@@ Version 1.4 (“@@beamer:\alerton[3]{classic}@@”)
   - Supported to help with old data and keys.
   - Keeping PGP-2 support.
   - Minor changes to help migration to 2.1.

** OpenPGP WG timeline

#+begin_beamer
\begin{description}
\item<1->[Mar 2008] Concluded after RFC-4880
\item<2->[Jun 2015] WG re-chartered
\item<3->[Sep 2015] WG (rough) consensus on updates to RFC-4880.
\item<4->[Feb 2016] First WG I-D for RFC-4880bis
\item<5->[Jul 2016] RFC-4880bis WG I-D final call
\end{description}
#+end_beamer

** RFC-4880bis goals

  - Potential inclusion of curves recommended
    by the Crypto Forum Research Group (CFRG)

  - A symmetric encryption mechanism that offers modern message
    integrity protection (AEAD)

  - Revision of mandatory-to-implement algorithms and
    deprecation of weak algorithms

  - An updated public-key fingerprint mechanism

** Elliptic curve cryptography

#+begin_beamer
\begin{center}
  \begin{tikzpicture}
    \begin{axis}[%
        height=35mm,
        axis lines=center,
        xticklabels={},
        yticklabels={},
        samples=150,
        domain=-2.8:5]
    \addplot[blue]{sqrt(x^3+17)};
    \addplot[blue]{-sqrt(x^3+17)};
    \end{axis}
  \end{tikzpicture}
\end{center}
#+end_beamer


 - @@beamer:<2->@@ RFC-6637 specifies ECC for OpenPGP.
   - @@beamer:\alerton[3]{NIST curves}@@,
   - but allows other curves (e.g. Brainpool).
 - @@beamer:<2->@@ 2.1 implements this since 2011.
 - @@beamer:<3->@@ NIST curves are somewhat suspect.
 - @@beamer:<4->@@ We want curves with better reputation:
   - ECDH with Curve25519,
   - EdDSA using Ed25519,
   - Maybe CFRG-suggested curves

** Feature: Remote use

#+begin_beamer
\begin{center}
  \begin{tikzpicture}
    \draw (0, 0) node[b, minimum width=2cm]{\breakablecell{c}{Exposed\\box}}
          -- (3, 0) node[b, minimum width=2cm]{\breakablecell{c}{Safe\\box}};
   \end{tikzpicture}
\end{center}
#+end_beamer

 - @@beamer:<2->@@ We use ssh’s socket forwarding to
   - run gpg-agent on the "safe" box
   - run gpg on an "exposed" box (server)
 - @@beamer:<2->@@ See =--extra-socket=, =--browser-socket=.
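
The forwarding setup described above, as an added example that is not part of the original slides or of GnuPG itself: a shell helper that prints the =~/.ssh/config= stanza for the safe box and refuses to forward anything but the agent's extra socket. The host name, the socket paths, and the default-socket-name check are assumptions.

```shell
#!/bin/sh
# Added example: emit the ~/.ssh/config stanza for the "safe" box that
# forwards gpg-agent's extra socket to the "exposed" box.
# Host name and socket paths are constructed placeholders.

# render_forward HOST REMOTE_AGENT_SOCKET LOCAL_EXTRA_SOCKET
# Prints the stanza on stdout; returns non-zero on bad input.
render_forward() {
    host=$1 remote_sock=$2 local_sock=$3

    # ssh_config splits arguments on spaces and needs absolute socket paths.
    for p in "$remote_sock" "$local_sock"; do
        case $p in
            /*) ;;
            *) echo "not an absolute path: $p" >&2; return 2 ;;
        esac
        case $p in
            *" "*) echo "space in path: $p" >&2; return 2 ;;
        esac
    done

    # Heuristic guard (assumes the default socket names): forward only
    # the extra socket, never the agent's main socket.
    case ${local_sock##*/} in
        S.gpg-agent.extra) ;;
        *) echo "refusing to forward non-extra socket: $local_sock" >&2
           return 3 ;;
    esac

    printf 'Host %s\n' "$host"
    printf '    # socket on exposed box  <-  extra socket on safe box\n'
    printf '    RemoteForward %s %s\n' "$remote_sock" "$local_sock"
    printf '    ExitOnForwardFailure yes\n'
}

# Constructed sample values. On a real system, query them with
# `gpgconf --list-dirs agent-extra-socket` on the safe box and
# `gpgconf --list-dirs agent-socket` on the exposed box.
render_forward exposed.example.org \
    /home/user/.gnupg/S.gpg-agent \
    /home/user/.gnupg/S.gpg-agent.extra
```

On the exposed box, sshd typically needs =StreamLocalBindUnlink yes= so that a stale socket file from an earlier session does not block the forward.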

** Donations

  - @@beamer:<1->@@ 5000 USD/month from the Linux Foundation for 2015

  - @@beamer:<2->@@ ProPublica article in February ...

  - @@beamer:<3->@@ we received \tilde{}300 KEUR in donations
    - Individual
    - Corporate (Stripe, FB)

  - @@beamer:<4->@@ No donation campaign right now
     - Tax issues
     - @@beamer:<5->@@ Turning g10^{code} into a non-profit

  - @@beamer:<6->@@ We are lucky --- other projects still suffer.


** How we spend the donations

  - @@beamer:<1->@@ Neal Walfield as second full time developer

  - @@beamer:<2->@@ Yutaka Niibe does contractual work
    (e.g. smartcards, ECC)

  - @@beamer:<3->@@ Kai Michaelis helps with Enigmail part time

  - @@beamer:<4->@@ Me :-)

** Special thanks

  - David Shaw

  - Marcus Brinkmann

  - Jussi Kivilinna

  - Andre Heinecke

  - Debian folks:
    - Andreas Metzler
    - Daniel Kahn Gillmor
    - Daniel Leidert
    - Eric Dorland
    - James Troup
    - Matthias Urlichs
    - Thijs Kinkhorst

  - Bug reporters, reviewers, testers, donors, \ldots


* Future

** Vision

 - Thanks to Snowden, new demand for encryption

 - Gpg and Web-of-Trust are too hard
   - Keysigning parties are for geeks
#+beamer:\pause

 - New default focus:
   - Mass surveillance (not targeted)
   - Easy to use

 - Still supporting targeted users
   - Question of default options


** Support for TOR and GNUnet

 - @@beamer:<1->@@ All network access via a separate module

 - @@beamer:<2->@@ New option =--enable-tor= to route everything over TOR
   - challenge: We need a torified resolver

 - @@beamer:<3->@@ GNU Naming System (GNS).


** Tofu

***                                                            :B_definition:
    :PROPERTIES:
    :BEAMER_env: definition
    :BEAMER_ACT: <1->
    :END:
 Trust On First Use: Secure Shell's trust model
***                                                                 :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:

 - @@beamer:<2->@@ There is a detailed plan for a TOFU design

 - @@beamer:<3->@@ Will be available in 2.2

 - @@beamer:<4->@@ Will eventually be the default trust model


** GPGME

 GPGME is a library to access gpg, gpgsm, and gpg-agent.

\bigskip

#+beamer:\pause

 Planned features:

 - Better integrated language bindings

 - Support for new gpg features

 - Run gpg as a co-process
   - signature verification
   - decryption

** GnuPG release scheduling

 - @@beamer:<1>@@ 1.4 releases as needed
   - No ECC support, though.

 - @@beamer:<2>@@ 2.0 will reach end-of-life in December 2017.
   - No backport of ECC or other RFC-4880bis stuff.

 - @@beamer:<3>@@ 2.1 will be replaced by *2.2* and declared as *stable*:
   - Release date: End of this year.
   - Support for Curve25519 encryption.
   - Support for some proposed RFC-4880bis features.
   - ECC key generation needs =--expert= temporarily.

 - @@beamer:<4>@@ 2.3 for RFC-4880bis development
   - Certain features will be backported to 2.2

*                                                           :B_ignoreheading:
  :PROPERTIES:
  :BEAMER_env: ignoreheading
  :END:
** Summary
***                                                                 :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :END:

 - @@beamer:<1,4->@@ 2.1/2.2 will soon be the standard version.
 - @@beamer:<2,4->@@ Solid development team.
 - @@beamer:<3,4->@@ Making mass surveillance expensive.

***                                                                 :B_block:
    :PROPERTIES:
    :BEAMER_env: block
    :BEAMER_ACT: <4->
    :END:

#+begin_center
  Thanks for attending.
#+end_center


#+BEAMER: {\vfill}
#+BEAMER: {\vspace{10mm}}
#+BEAMER: {\tiny{Slides are \copyright{} 2015 The GnuPG Project, CC BY-SA 4.0.
#+BEAMER: \url{https://gnupg.org/ftp/blurbs/debconf15_gnupg-past-present-future.org}}}
