Sequoia-PGP, v5 OpenPGP, Authentication, and Debian
Speaker: Justus Winter
Language:
Track: Security
Type: Long talk (45 minutes)
Room: Drini
Time: Jul 18 (Mon): 14:00
Duration: 0:45
In this talk I will introduce the Sequoia-PGP project, its social and technical goals, what we have accomplished so far and what we hope to accomplish in the future. I will also highlight important projects in the broader ecosystem, notably OpenPGP-CA, the OpenPGP Interoperability Test Suite, Hagrid, the Octopus, and the Chameleon.
I will briefly highlight the most important changes that the upcoming revision of the OpenPGP protocol will bring for developers and users.
Finally, I want to talk about one of the core strengths of the OpenPGP protocol: authentication. I will highlight how OpenPGP-CA makes a once cumbersome process transparent to the end users, by leveraging existing organizational trust boundaries, and how Debian and the broader Free Software ecosystem can use this to build a secure and ergonomic authentication mechanism from the bottom up. To conclude, I want to discuss how this enables us to protect the software supply chain from the version control systems to source and binary packages.