Sequoia-PGP, v5 OpenPGP, Authentication, and Debian

Speaker: Justus Winter


Track: Security

Type: Long talk (45 minutes)

Room: Drini

Time: Jul 18 (Mon): 14:00

Duration: 0:45

In this talk I will introduce the Sequoia-PGP project, its social and technical goals, what we have accomplished so far and what we hope to accomplish in the future. I will also highlight important projects in the broader ecosystem, notably OpenPGP-CA, the OpenPGP Interoperability Test Suite, Hagrid, the Octopus, and the Chameleon.

I will briefly highlight the most important changes that the upcoming revision of the OpenPGP protocol will bring for developers and users.

Finally, I want to talk about one of the core strengths of the OpenPGP protocol: authentication. I will highlight how OpenPGP-CA makes a once-cumbersome process transparent to end users by leveraging existing organizational trust boundaries, and how Debian and the broader Free Software ecosystem can use this to build a secure and ergonomic authentication mechanism from the bottom up. To conclude, I want to discuss how this enables us to protect the software supply chain from the version control systems to source and binary packages.