[Freedombox-discuss] Email Encryption Basics

[Michael Rogers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/11/12 13:44, Eugen Leitl wrote:
>>> Alternatively, the FBX could act as a PGP proxy for an existing
>>> email account: the FBX would encrypt email before sending it to
>>> the existing
> 
> This is a bad solution, as you will need an email account with a a
> third (corporate, subpoenable, gag-orderable) party, and will need
> to tell your FBX what smarthost or relay to use. StartTLS doesn't
> help you if your relayhost is rotten.
> 
> If you want your FBX to be unaffected by third parties, you will 
> need a darknet, period. The sooner you get this, the sooner we can
> move on and start implementing this.

I'm very much in favour of building darknets, but I also want to be
able to communicate with people who don't (yet) use the same darknet
as me. I'd like that communication to be as secure as possible. It
can't be perfectly secure, but we can improve on the status quo.

The system I described improves on the status quo in two ways: it
opportunistically encrypts outgoing email whenever the recipient's PGP
key is available, and it removes incoming email from the provider's
POP/IMAP server as quickly as possible.

If the sender and recipient are both using the system, they'll have
comparable security to a darknet. If only one of them's using the
system, they'll have better security than the status quo, and they'll
still be able to communicate until the second one adopts the system
(if ever).

> PGP doesn't scale due to key management issues, though there are
> nice ways like Steed http://lwn.net/Articles/464137/ 
> http://code.google.com/p/gpg-mailgate/
> 
> Notice you will need a DNS substitute anyway (e.g. pseudo domain
> .fbx) so you can use that to publish your keys for Steed.

Thanks for the link. The system I described doesn't require a DNS
substitute. However, it does depend on an anonymity system like Tor or
I2P for keyserver lookups, in order to make selective MITM attacks
more difficult.

> Your IMAP server should be on your FBX.

Yes, in an ideal world we'd all run our own mail servers. In the real
world it's not possible to run a mail server on a home broadband
connection, and darknet substitutes for email aren't used by the
majority of people. So if we want to be able to communicate with those
people we need to consider short-term incremental improvements on the
status quo, *as well as* working on long-term solutions like darknets.

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQpkwPAAoJEBEET9GfxSfMEBkIAJb8IyLVssRvxQaSY22pfDrc
IeutxPzViF6jICeS/5S/K7dW9dth5y1N3Cpeor7OFmko67bpF47rj8LU/bBI5lut
wTbmL5rsX0Ydu7IFq5Sqvx8Q1+yLBz9CbidUJCQLsm3tU17v29ERPRAPFle4WNl1
/nGXFXgE+HGsjDLAAxB0tN/xJCNQg7Hfv6+NVKyrok0xOs1l6+7CJ6jnxiuwv65e
COocGBwHk1Zsxp7AzacHnHOST50gnHEH1i7/OeO414psr0MgM67E9mAjRWI6aZwm
6wGpY664+a1ssTY69iN+stf7nInJ7Mp/TdLd5P2le8UgLWoZB4bkxULM02VUG0Y=
=95MH
-----END PGP SIGNATURE-----