# Transparent Key Management at LEAP
meskio - [LEAP](https://leap.se) - OpenPGP.conf, Köln 2016
# LEAP Encryption Access Project
## easy to use
## Federation
* Protect the user from the provider * Protect the provider from the user

LEAP platform

sudo gem install leap_cli
leap new example --domain example.org
cd example
leap add-user --self
leap cert ca
leap cert dh
leap cert csr
leap node add blueberry services:openvpn \
     ip_address: openvpn.gateway_address:
leap node add raspberry services:couchdb,webapp \
leap init node
leap deploy



## VPN * Prevent eavesdropping. * Circunvent internet censorship. * Prevent leaks (DNS, IPv6, ...).
# leap mail
* End-to-end encryption. * Backwards compatible with email and current OpenPGP usage. * Service provider has no access to user data. * Automatic key discovery and validation. * Cloud synchronized for high availability on multiple devices.

email service



# transitional key validation https://leap.se/en/docs/design/transitional-key-validation
## TOFU With a bunch of exceptions
## 1. First Contact When one or more keys are first discovered for a particular email address, the key with the highest validation level is registered.

2. Regular Refresh

All keys are regularly refreshed to check for modified expirations, or new subkeys, or new keys signed by old keys.

This refresh should happen via some anonymizing mechanism.

3. Key Replacement

A registered key MUST be replaced by a new key in one of the following situations, and ONLY these situations:

  • Verified key transitions.
  • If the user manually verifies the fingerprint of the new key.
  • If the registered key is expired or revoked and the new key is of equal or higher validation level.
  • If the registered key has never been successfully used and the new key has a higher validation level.
  • If the registered key has no expiration date.

Validation levels

## 1. Weak Chain ej: sks key servers, email attached key, OpenPGP header, ...
## 2. Provider Trust ej: webfinger, provider mailvelope Note: * Certified by the provider * Not auditable
## 3. Provider Endorsement ej: NickNym Note: * auditable
## 4. Historical Auditing ej: CONIKS, google's transparent keyserver
## 5. Known Key client pinned keys
## 6. Fingerprint manual verification


    0794 8FFA 6416 0A42 5BCD  27EA C732 B1D1 C28F 4E2F

Slides at: https://meskio.net/openpgp.conf