Autocrypt-Gossip: Propagating Verification Status Explained

In the ever-evolving landscape of secure communication, maintaining user trust and ensuring message integrity are paramount. One crucial aspect of this is the verification status of contacts within messaging platforms. This article delves into a proposed mechanism for propagating verification status using the Autocrypt-Gossip attribute, a method designed to enhance the user experience and bolster security in chat applications. We'll explore the rationale behind this approach, the steps involved, and the potential benefits it offers.

The Challenge: Maintaining Verification in Modern Chat Systems

Previously, the key advantage of protected chats over non-protected chats lay in their persistent encryption. However, with the advent of core v2 and key contacts, normal group chats have also achieved constant encryption, diminishing this distinction. Protected groups traditionally restricted the addition of unverified contacts, but this often led users to seek verification indiscriminately, sometimes resorting to sharing invite links in unprotected chats just to add contacts to groups. This behavior underscores the need for a more seamless and intuitive verification process.

The problem is, how do we maintain and propagate contact verification status effectively, especially when the lines between protected and non-protected chats are blurring? We need a solution that not only preserves the security benefits of verification but also streamlines the user experience and reduces friction. The Autocrypt-Gossip attribute emerges as a promising avenue for achieving these goals.

The Shift from Protected Groups and the Need for a New Approach

The current approach of relying on protected groups to enforce verification has limitations. It can lead to user frustration and workarounds that undermine the intended security measures. To address these issues, a shift away from creating protected groups is being considered, along with the deprecation of the API for protected group creation. This means, we need a robust alternative mechanism for gossiping verification status, one that doesn't rely on the protected group paradigm.

Our goal is to preserve the utility of green checkmarks for contacts and ensure the continuation of verification gossiping without the legacy Chat-Verified header. This requires a new method for disseminating verification information across the chat network, regardless of the chat's protection status. The Autocrypt-Gossip attribute offers a flexible and efficient way to achieve this.

The Solution: Leveraging Autocrypt-Gossip for Verification Propagation

The proposed solution involves adding a new attribute to Autocrypt-Gossip headers, enabling users to assert the verification status of a key within any chat context. This approach allows receivers to mark contacts as "introduced by" when they receive such an Autocrypt-Gossip header signed by a verified key. This mechanism offers a decentralized and scalable way to propagate verification information throughout the chat ecosystem.

Step-by-Step Implementation Plan

To implement this solution effectively, a phased approach is recommended. This allows for gradual adoption and minimizes disruption to existing users. Here's a breakdown of the proposed steps:

1. Introducing the New Autocrypt-Gossip Attribute: The initial step involves adding a new attribute to the Autocrypt-Gossip header. This attribute will serve as a declaration of verification status by the sender, stating that the key is verified. This is a crucial first step as it lays the foundation for the new verification propagation mechanism.

   This new attribute acts as a digital handshake, allowing users to vouch for the verification status of their contacts. When a user sends a message with this attribute in the Autocrypt-Gossip header, they are essentially saying, "I have verified this contact's key." Receivers, upon receiving this message, can then use this information to update their own contact verification status. The beauty of this approach is that it works in any chat, whether it's a one-on-one conversation or a large group chat.

   This step is designed to be non-disruptive and can be implemented without requiring users to upgrade their clients immediately. This gradual rollout ensures a smooth transition and allows for testing and refinement of the new attribute.

2. Relaxing Verification Checks in Verified Groups: The next step involves relaxing the strict verification checks currently enforced in protected groups. This includes removing the intrusive messages that replace unverified messages with notifications, such as "the message was sent with non-verified encryption." This change aims to improve the user experience by reducing unnecessary interruptions and fostering a more natural conversation flow.

   In the current system, messages from unverified contacts in protected groups are often replaced with alerts, which can be disruptive and confusing. By removing these alerts, we create a smoother and less jarring experience for users. However, it's important to note that while we relax these checks, we cannot yet allow the addition of unverified members to protected groups. This is because existing clients still treat this action as a verification signal, and changing this behavior requires careful coordination and client upgrades.

   This step is about striking a balance: improving the user experience while maintaining a baseline level of security. By removing the disruptive alerts, we make conversations more fluid, but we also need to ensure that we don't inadvertently weaken the overall verification process.

3. Deprecating New Protected Groups: The final step in this phase is to stop creating new protected groups. This marks a significant shift away from the traditional protected group model and towards a more flexible and decentralized verification system.

   The rationale behind this decision is that the protected group model is becoming less relevant with the advent of core v2 and key contacts, which provide encryption in normal group chats. By deprecating new protected groups, we are signaling our commitment to a new approach that leverages the Autocrypt-Gossip attribute for verification propagation.

   This step doesn't mean that existing protected groups will disappear overnight. However, it sets the stage for a future where all groups are treated equally in terms of verification, and the Autocrypt-Gossip attribute is the primary mechanism for managing contact trust. This shift will allow for a more consistent and user-friendly experience across all chat types.

Future Considerations: Converting Protected Groups and Streamlining Verification

Once a sufficient number of clients have upgraded to support the new Autocrypt-Gossip attribute, further steps can be taken to streamline the verification process. This includes potentially converting existing protected group chats to normal group chats and ultimately removing the concept of protected status internally. This would simplify the system and create a more unified experience for users.

However, these steps require careful planning and coordination to ensure a smooth transition. We need to consider the impact on existing users and ensure that the new system provides the same level of security and privacy as the old one.

Advantages of the Autocrypt-Gossip Approach

The proposed approach offers several key advantages over the traditional protected group model:

• Enhanced Flexibility: The Autocrypt-Gossip attribute allows for verification propagation in any chat, regardless of its protection status. This provides greater flexibility and simplifies the user experience. Think of it as a universal language for verification, allowing users to vouch for their contacts in any context.
• Improved User Experience: By removing the need for protected groups and the associated restrictions, the user experience becomes more streamlined and intuitive. No more jumping through hoops to add contacts to groups; verification becomes a more seamless part of the chat experience.
• Decentralized Verification: The Autocrypt-Gossip mechanism promotes a decentralized approach to verification, reducing reliance on a central authority or protected group paradigm. This is a more resilient and scalable solution, as verification information is propagated through the network by users themselves.
• Gradual Adoption: The phased implementation plan allows for gradual adoption and minimizes disruption to existing users. We're not throwing the baby out with the bathwater; we're carefully transitioning to a new system while ensuring that existing users are not left behind.

Conclusion: A Path Towards More Secure and User-Friendly Communication

The proposed approach of propagating verification status via the Autocrypt-Gossip attribute represents a significant step towards more secure and user-friendly communication. By moving away from the limitations of protected groups and embracing a decentralized verification mechanism, we can create a chat ecosystem that is both robust and intuitive.

This is not just about security; it's about trust. By making verification easier and more transparent, we can empower users to communicate with confidence, knowing that their messages are protected and their contacts are who they say they are. The future of secure communication lies in solutions like the Autocrypt-Gossip attribute, which prioritize both security and user experience.

This plan is subject to change and further discussion, but the core focus remains on adding a new Autocrypt-Gossip attribute and leveraging it to propagate verification status across all group chats, not just protected ones. This targeted approach ensures a manageable scope for the issue and allows for focused development and testing.