p≡p is an end-to-end privacy-focused security architecture, which, in its first incarnation, aims to provide a seamless private, encrypted email solution for everyone. This talk focuses on some of the development challenges in supporting an ambitious product from the inside and lessons-learned that don't appear in software engineering classes.
p≡p is an end-to-end privacy-focused security architecture, which, in its first incarnation, aims to provide a seamless private, encrypted email solution for everyone. We do this without the requirement that the user has any understanding of keys, encryption, protocols, or encryption engines while still maintaining complete transparency at the core by providing the adapters and engine as free software. The p≡p foundation develops and maintains the engine and adapters which allow external app development (including that done by the business arm of p≡p) to securely use the p≡p engine without needing to understand and implement the secure functions of the p≡p protocol.
Moving the complexity of a product to the engine, however, creates a number of challenges relating to ensuring maximal cross-platform compatibility, communication (and often, adaptation) of APIs and usage, determination of where problems should be solved, etc. Doing this with a product that handles email adds the additional entertainment of repeatedly revisiting the less-deterministic-than-desired land of MIME RFCs and the reality that the product has to support all of the violations of those RFCs, even when one would prefer to avoid the egregiously broken. This talk focuses on some of the development challenges in supporting an ambitious product from the inside and lessons-learned that don't appear in software engineering classes.