LEAP Encryption Access Project
What is Federation?
- user → provider → provider → user
- eg: SMTP, XMPP
Better federation
- The users should be protected from the provider.
- The provider should be protected from users.
What does LEAP do?
- LEAP Platform: a toolkit to make it easy for you to run a service provider.
- New protocols: so that users don't need to trust the provider.
- Bitmask client: a client that works smoothly with any compatible provider.
LEAP Platform
sudo gem install leap_cli
leap new example --domain example.org
cd example
leap add-user --self
leap cert ca
leap cert dh
leap cert csr
leap node add blueberry services:openvpn \
ip_address:1.1.1.1 openvpn.gateway_address:1.1.1.2
leap node add raspberry services:couchdb,webapp \
ip_address:1.1.1.3
leap init node
leap deploy
New Protocols
- Soledad: searchable client-encrypted synchronized database.
- Bonafide: secure user registration, authentication, password change, etc.
- Key management: precise rules for OpenPGP best practices, automated.
Current Services: VPN
- Easy to use.
- Route all your internet traffic through an encrypted channel.
- Prevent eavesdropping (thieves on the public network, police, ...).
- Circumvent internet censorship.
- Prevent leaks (DNS, IPv6, ...).
Current Services: email
Work in progress
- Easy to use.
- End-to-end encryption.
- Automatic key discovery and validation.
- Backwards compatible with email and current OpenPGP usage.
- Service provider has no access to user data.
- Strong protection for metadata, when supported.
- Cloud synchronized for high availability on multiple devices.
Our goals:
- Mass adoption
- Increase the cost of dragnet surveillance
Pixelated Useragent
- Bitmask client and Email Client combined.
- Modern, good looking UI.
- Integrated search, search index encrypted
- Tagging
Activist Setup
- Useragent needs to be installed locally
- Private Keys on local device
Organisation Setup
- Multi-User encrypted Webmail
- No Installation, access via browser
- Private Keys on the server
- Activist Setup possible on individual choice
Metadata
- Simple Mail Transfer Protocol from 1982 (!)
- Email exposes lots of metadata (Date:, From:, To:, Subject:, User-Agent:)
- "Memory Hole" proposal to hide metadata in GPG-encrypted mail
- Enforce Transport Security whenever possible.
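Added example (not LEAP or Pixelated code) showing the metadata point above: which headers an intermediary still reads on a PGP/MIME-encrypted message, and how the Memory Hole / protected-headers idea moves them into the part that gets encrypted. The sample message, the placeholder Subject "..." and the header set copied into the inner part are assumptions; no real OpenPGP encryption is performed.

```python
from email import message_from_string
from email.message import EmailMessage

# Constructed sample: a conventional message as it leaves a mail client.
RAW_MESSAGE = """\
Date: Mon, 01 Jan 2024 12:00:00 +0000
From: alice@example.org
To: bob@example.net
Subject: Meeting location for tomorrow
User-Agent: ExampleMUA/1.0
Message-ID: <abc123@example.org>

Let's meet at the usual place.
"""

# PGP/MIME encrypts only the MIME body, so these headers stay readable
# by every relay, the provider and any eavesdropper on the path.
LEAKY_HEADERS = ("Date", "From", "To", "Subject", "User-Agent")

def visible_metadata(raw):
    """Return the metadata headers an intermediary can read on a message."""
    msg = message_from_string(raw)
    return {h: msg[h] for h in LEAKY_HEADERS if msg[h] is not None}

def protect_headers(raw, protected=("Subject", "User-Agent")):
    """Split a message into the outer/inner pair of the protected-headers
    approach (assumed convention): the inner part carries the real headers
    and is the plaintext that would be encrypted; the outer message keeps
    only what SMTP needs for delivery. Returns (outer, inner)."""
    src = message_from_string(raw)
    inner = EmailMessage()
    for name in protected:
        if src[name] is not None:
            inner[name] = src[name]
    inner.set_content(src.get_payload())
    outer = EmailMessage()
    for name in ("Date", "From", "To", "Message-ID"):
        if src[name] is not None:
            outer[name] = src[name]
    if "Subject" in protected:
        outer["Subject"] = "..."  # placeholder; the recipient's MUA restores it
    # Stand-in for the encrypted part: in real use inner.as_string() is the
    # plaintext handed to the OpenPGP encryptor, never sent in the clear.
    outer.set_content(inner.as_string(), subtype="plain")
    return outer, inner
```

Date, From and To remain visible even with protected headers, which is why the slide treats transport security and metadata protection as separate problems.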