Justus Winter

Justus is co-founder and senior developer of Sequoia-PGP, a clean-sheet implementation of the OpenPGP protocol in the memory-safe programming language Rust. Besides working on the core library, he is part of the IETF OpenPGP working group's design team revising the spec, maintains a comprehensive OpenPGP interoperability test suite, has created and maintains an alternative OpenPGP backend for Thunderbird, and improves the OpenPGP ecosystem by listening to downstream users' requirements and helping them to integrate OpenPGP into their solutions.

Previously, Justus spent two years working on GnuPG, improving its test suite, GPGME's Python bindings, and doing general maintenance on the code base. This was a transformative time: he learned about the difficulties of interfacing with GnuPG, advantages and disadvantages of GnuPG's architecture, and the challenges of creating and caring for an integral part of the Free Software ecosystem.

During his time at the university, Justus was interested in computer security and formal proof techniques, writing his Diploma thesis about model checking. He also became interested in object capability systems, working on GNU Hurd and Debian/Hurd in the final years of studying. Working on the Hurd was also how he learned how to contribute back to the Free Software community and how to care for large, old, and organically grown code bases written in C.

Justus has been using Debian on his computers (with a few detours), starting with Potato. It has been a great ride!

To compensate for his desk job, Justus juggles. Mostly clubs, but he has been trying to learn new Diabolo tricks recently, and he enjoys all sorts of equilibristic activities. Most recently, he started bouldering.

Accepted Talks:

Sequoia PGP, sq, gpg-from-sq, v6 OpenPGP, and Debian

It has been two years since my last DebConf talk on Sequoia, and two years being a small eternity in our fast-paced world, I want to revisit where we are, and where we are going to.

Notably, work on our main command-line frontend sq has picked up pace and we are polishing it for a 1.0 release; the IETF OpenPGP working group has concluded with RFC 9580 about to be published (hopefully in time for this talk), has been re-chartered, and is considering new work (notably post-quantum cryptography); you can apt install gpg-from-sq to seamlessly replace GnuPG with Sequoia’s reimplementation; and a lot of the packaging and software-supply-chain infrastructure in various distributions (including, but not limited to Debian) is being converted to (also be able) use Sequoia.

If you work on Debian or any other Linux distribution, are a software developer integrating or looking to integrate OpenPGP into their applications, are a digital security trainer, or are simply curious about the state of the OpenPGP ecosystem, this talk is for you!