Just reading in-depth and trying to understand the security model of Delta.Chat a bit more… There are a few things that really concern me about how Delta.Chat, which relies on Autocrypt, works:
- There is no Perfect Forward Secrecy
- No verification of keys
- Is therefore susceptible to Man-in-the-Middle attacks
- Metadata is a BIG problem with Delta.Chat:
  - The `To` and `From` and `Date` are trackable by your Mail provider (amongst many other headers)
Hmmm 🤔 cc @deebs@twtxt.net