diff --git a/README.md b/README.md index 6a2cfa2..25ebdb8 100644 --- a/README.md +++ b/README.md @@ -1 +1,21 @@ -Slide e risorse per il talk _(Open|Libre)PGP - Novità, controversie e sviluppi futuri_ proposto ad [HackЯocchio](https://hackrocchio.org/) e [Hack or Di(y|e)](https://hacklabbo.indivia.net/hackordiye24/) 2024. \ No newline at end of file +Slide e risorse per il talk _(Open|Libre)PGP - Novità, controversie e sviluppi futuri_ proposto ad [HackЯocchio](https://hackrocchio.org/) e [Hack or Di(y|e)](https://hacklabbo.indivia.net/hackordiye24/) 2024. + + +[Abstract](abstract.md) | [Bibliografia](bibliografia.md) + +Framework usato: [Marp](https://marp.app/) + +## Per generare le slide (HTML e PDF) + +Vi servono `git` e una versione ragionevolmente aggiornata di `npm`. + +``` +git clone ... +cd ... +npm ci +npm run build # oppure npm run build-html se vi interessa solo la versione HTML +``` + +quindi aprite dist/html/index.html col vostro browser preferito oppure dist/pdf/slides.pdf col vostro lettore di PDF preferito. + +Potete riutilizzare ed eventualmente modificare le slide secondo i termini della licenza [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/deed.it) diff --git a/abstract.md b/abstract.md new file mode 100644 index 0000000..cac3e7a --- /dev/null +++ b/abstract.md @@ -0,0 +1,25 @@ +# Titolo +(Open|Libre)PGP - Novità, controversie e sviluppi futuri + +# Durata +30 min. + +# Lingua +Italiano + +# Abstract +Sin dai primi anni '90, PGP e lo standard aperto da esso derivato +OpenPGP hanno rappresentato un punto di riferimento dell'attivismo +per la privacy digitale. + +Dopo alcuni anni di lavoro, nei mesi scorsi è stata pubblicata la +nuova edizione di OpenPGP (RFC 9580, luglio 2024) che modernizza +lo standard introducendo algoritmi più robusti e nuove feature, ma +alcune controversie nel gruppo di lavoro hanno provocato uno scisma +nella comunità rischiando di portare a due standard reciprocamente +incompatibili. + +Nel talk saranno presentate le novità introdotte dalla nuova RFC, +gli sviluppi previsti nel prossimo futuro e verranno discusse le +motivazioni del fork. + diff --git a/bibliografia.md b/bibliografia.md new file mode 100644 index 0000000..cf51d09 --- /dev/null +++ b/bibliografia.md @@ -0,0 +1,39 @@ +# Bibliografia + +- [RFC 9580](https://www.rfc-editor.org/rfc/rfc9580.html) +- [IETF Working group](https://datatracker.ietf.org/wg/openpgp/about/) + - [Archivio Mailing list](https://mailarchive.ietf.org/arch/browse/openpgp/) + - [Presentazioni ai meeting IETF](https://datatracker.ietf.org/wg/openpgp/meetings/) +- [LibrePGP Message Format](https://datatracker.ietf.org/doc/draft-koch-librepgp/) (Internet Draft, Work in progress, agg. Settembre 2024) +- LibrePGP: [_A Critique on the OpenPGP Updates_](https://librepgp.org/#critique) - Novembre 2023 +- Andrew Gallagher: [_A Critique on “A Critique on the OpenPGP Updates”_]( https://blog.pgpkeys.eu/critique-critique.html) - Dicembre 2023 +- Andrew Gallagher: [_A Summary of Known Security Issues in LibrePGP_](https://blog.pgpkeys.eu/security-issues-librepgp-2024-08.html) - Agosto 2024 +- Daniel Huigens: [_Modernizing email encryption_](https://proton.me/blog/openpgp-crypto-refresh) - Proton.me blog - Settembre 2023 +- Daniel Huigens: [_Modernizing email encryption: the crypto refresh of OpenPGP_](https://fosdem.org/2024/schedule/event/fosdem-2024-2669--security-modernizing-email-encryption-the-crypto-refresh-of-openpgp/) - FOSDEM 2024 +- Justus Winter: [_Sequoia-PGP, v5 OpenPGP, Authentication, and Debian_](https://sequoia-pgp.org/talks/2022-07-debconf22/slides.pdf) - DebConf 2022 +- Justus Winter: [_Sequoia PGP, sq, gpg-from-sq, v6 OpenPGP, and Debian_](https://debconf24.debconf.org/talks/127-sequoia-pgp-sq-gpg-from-sq-v6-openpgp-and-debian/) - DebConf 2024 +- Holger Levsen: [_Chameleon - the easy way to try out Sequoia - OpenPGP written in Rust_](https://debconf24.debconf.org/talks/16-chameleon-the-easy-way-to-try-out-sequoia-openpgp-written-in-rust/) - DebConf 2024 +- Falko Strenzke: [_Security Considerations for Session Key Reuse in OpenPGP Crypto-Refresh_](https://datatracker.ietf.org/meeting/116/materials/slides-116-openpgp-session-key-reuse-considerations-00.pdf) - IETF 116 +- [_OpenPGP interoperability test suite_](https://tests.sequoia-pgp.org/) +- Lars Wirzenius: [_A conceptual map of the OpenPGP ecosystem_](https://gitlab.com/sequoia-pgp/openpgp-map) +- [_Minutes of the 8th OpenPGP Email Summit_](https://www.openpgp.org/community/email-summit/2024/minutes/) - Giugno 2024 +- [Discussione nel forum di Thunderbird](https://thunderbird.topicbox.com/groups/planning/Tb25991822e032b0f/openpgp-email-encryption-the-schism-and-post-quantum-cryptography) - Giugno-Settembre 2024 +- Andrew Gallagher: [_The State of the Keyservers in 2024_](https://blog.pgpkeys.eu/state-keyservers-2024.html) - Gennaio 2024 +- Andrew Gallagher: [_Keyserver Updates and Roadmap_](https://blog.pgpkeys.eu/keyserver-roadmap-2024-08.html) - Agosto 2024 +- Sui problemi di _Keyserver abuse_ e _Certificate Flooding_ + - Micah Lee: [_Trolling the Web of Trust_](https://github.com/micahflee/trollwot) - OHM2013 + - Daniel Kahn Gillmor: [_Community Impact of OpenPGP Certificate Flooding_](https://dkg.fifthhorseman.net/blog/community-impact-openpgp-cert-flooding.html) - Giugno 2019 + - Neal H. Walfield: [_Certificate Flooding, SKS and GnuPG Issues, and the Sequoia Project_](https://sequoia-pgp.org/blog/2019/07/08/certificate-flooding-sks-gnupg-issues-the-sequoia-project/) - Luglio 2019 + - Daniel Kahn Gillmor: [_Abuse-Resistant OpenPGP Keystores_](https://datatracker.ietf.org/doc/draft-dkg-openpgp-abuse-resistant-keystore/) (Expired Internet Draft 2019-2023) + - Gunnar Wolf: [_Protecting OpenPGP keyservers from certificate flooding_](https://debconf24.debconf.org/talks/39-protecting-openpgp-keyservers-from-certificate-flooding/) - DebConf 2024 + - Gunnar Wolf, Jorge Luis Ortega-Arjona: [_A Protocol for Solving Certificate Poisoning for the OpenPGP Keyserver Network_](https://www.researchgate.net/publication/380850329_A_Protocol_for_Solving_Certificate_Poisoning_for_the_OpenPGP_Keyserver_Network) - Maggio 2024 +- Implementazioni + - [GOpenPGP (Go)](https://github.com/ProtonMail/gopenpgp/tree/v3) + - [OpenPGP.js (Javascript)](https://github.com/openpgpjs/openpgpjs/tree/crypto-refresh) + - [PGPainless (Java)](https://github.com/pgpainless/pgpainless/milestone/6) + - [PGPy (Python)](https://github.com/dkg/PGPy/tree/dkg/crypto-refresh) + - [Sequoia (Rust)](https://gitlab.com/sequoia-pgp/sequoia/-/tree/crypto-refresh) + - [Bouncy Castle (C#)](https://github.com/bcgit/bc-csharp/pull/525) - la mia Pull Request in corso di revisione +- Approfondimenti tecnici e internals del protocollo + - AA.VV.: [_OpenPGP for application developers_](https://openpgp.dev/book/) + - AA.VV.: [_OpenPGP Under The Hood_](https://under-the-hood.sequoia-pgp.org/)