[Disroot] - DisNews 24.11 - Lacre 公开测试版

xylon

收到的官方邮件!


DisNews 24.11 - Lacre 公开测试版
嘿，你好
重要提示！
首先，向所有 E-mail 用户提供一个重要信息。您可能已经收到了几封电子邮件，通知您更新 Disroot 帐户或从邮箱中删除邮件。我们想警告您 - 这些电子邮件是骗局，您永远不应该点击其中提供的任何链接！我们从不发送此类消息，即使我们将来发送通知，通知您您的邮箱已满，我们也绝不会提供链接供您点击。都 我们将做的是向您发送信息，以便您可以像往常一样登录您的电子邮件进行检查。您可以随时与我们联系以确保您收到的消息是合法的。互联网上到处都是试图利用我们所有人的人！
现在，进入主要话题。
是时候进入 Lacre 测试的下一阶段了。我们的传入电子邮件加密端到端解决方案已准备好在更广泛的范围内进行测试。在过去的几周里，我们一直在 Disroot 电子邮件服务器上运行 Lacre，以便在更多人开始使用它之前检查一些令人讨厌的错误和边缘情况。仅凭少数来自勇敢的早起鸟上传的密钥，我们就设法发现了一些烦人的小问题并解决了这些问题。
我们现在已准备好继续前进。我们推出了一个专用的电子邮件地址：您可以在这里提交您的 GnuPG （PGP） 公钥。然后，密钥将手动添加到系统中，默认情况下，所有发送给您的传入电子邮件都应自动加密。我们决定以这种方式进行，而不是向所有人开放自动上传功能，以防止不熟悉 GnuPG 或一般加密的人意外上传密钥。拉克雷 提供真实且不妥协的端到端加密，这有其优点和缺点。如果您不知道自己在做什么（并且不小心删除了客户端上的密钥对或松散的密钥），您可能会不可撤销地失去对使用 Lacre 加密的电子邮件的访问权限。这种方法不允许我们或任何其他人在没有您的设备密钥的情况下解密已经加密的电子邮件。因此，为了在 Disroot 上的 Lacre 早期尽可能谨慎地应用，我们希望提供当前的 测试版仅提供给熟悉加密基础知识的用户。lacre_keys@disroot.org
此测试的重点是查看负载下如何工作，以及我们是否发现了更多电子邮件由于某种原因未加密的边缘情况，或者是否只是中断了。我们将通过电子邮件定期通知所有参与者。我们将发布所有可能的问题，无论是出于某种原因我们禁用加密，还是是否有任何值得一提的改进。我们还将尝试从您那里收集一些反馈，以帮助改进服务。
一旦我们对当前的实施充满信心，我们计划开放一项服务，允许对加密密钥进行自我管理（上传新密钥、删除密钥等）。这将需要改进载入。该计划是不要在您的安全性上妥协（以一种或另一种方式将私钥存储在服务器上），但同时要确保即使是您的祖母也可以享受邮箱加密。这是一条漫长的路，只要一小步，我们就会到达那里。
因此，请上传您的密钥，并享受您的加密邮箱！


原文:

DisNews 24.11 - Lacre open beta
Hi there,
Important Note!
First of all, an important information to all E-mail users. You might have been getting several emails informing you to update your Disroot account or remove mails from mailbox. We would like to warn you - those E-mails ARE SCAM and YOU SHOULD NEVER click any links provided in those! We never send such messages and even if we would send notifications in the future, informing you that your mailbox is full, we will never provide links for you to click on. All we will do is send you information, so you can log in to your E-mail as you always do to check. You can always contact us to make sure the message you received is legit. The internet is filled with people trying to take advantage of us all!
Now, on to the main topic.
It is time to move to the next phase of Lacre testing. Our end-to-end solution to incoming E-mail encryption is ready to be tested on a broader scale. For the past weeks we have been running Lacre on the Disroot email server to check some nasty bugs and edge cases before more people start using it. With just a handful of uploaded keys from brave early birds we managed to find some little annoying issues and to take care of those.
We are now ready to move on. We've launched a dedicated E-mail address: where you can submit your GnuPG (PGP) public key. Keys will then be manually added to the system and all incoming E-mails addressed to you should be automatically encrypted by default. We decided to do it this way, rather than opening auto-upload feature to everyone, to prevent accidental key uploads from people who aren't well versed in GnuPG or encryption in general. Lacre provides a true and uncompromised end-to-end encryption which has it's pros and cons. If you don't know what you're doing (and accidentally delete your key pair on a client or loose keys) you may irrevocably loose access to your E-mails encrypted with Lacre. This approach does not allow us, or anyone else for that matter, to decrypt already encrypted E-mails without your secret key on your device. So to apply as much caution in those early days of Lacre on Disroot, we want to provide current beta to only those who are familiar with the basics of encryption.lacre_keys@disroot.org
The focus of this test is to see how things work under load and whether we find more edge cases where E-mails don't get encrypted for one reason or another, or if things simply break. We will keep everyone participating informed on regular basis via E-mail. We will post about all possible issues, whether for some reason we disable encryption or if there was any improvements worth mentioning. We will also try to gather some feedback from you to help improve the service.
Once we are confident with current implementation, we plan to open a service allowing for self-management of encryption keys (uploading new keys, removing keys, etc). This will require improvements in onboarding. The plan is to not compromise on your security (storing private key on the server in one way or another) but at the same time make sure that even your grandma can enjoy mailbox crypto. It's a long way, with small steps we will get there.
So please, upload your keys, and enjoy your encrypted mailbox!