ooh, I love this discussion. I'll drop in my quick points, and would love to hear other perspectives.
2 points: 1) Is there a "milter" that could be plugged into existing SMTP servers (sendmail, postfix, ...) that could require OpenPGP encapsulation, and immediately reject messages back to the sender upon receipt of unprotected email. (Heck, maybe the message doesn't even have to be signed or encrypted but just require the minimum that has either the proper PGP mime encapsulation or an "inline-format" ascii armored format.) If such a milter does not exist, we could create one. Being a "milter" means this code could be plugged into a variety of existing SMTP servers that are already deployed. 2) Sorry, but isn't any mail service that runs a web front-end subject to its country's government stepping in and requiring backdoors or other means of tampering with the web code that's sent to customer's browsers? (ie, is there any technical reason that a web-based email provider could not comply with a secret order to insert backdoors into code sent from centrally controlled web servers to the clients?) Heck, even downloading apps off Google Play doesn't "feel" secure. It is technically feasible that Google could comply with a court order to inject a backdoor into a third-party's app (or their own app) for when only 1 user's phone automatically probes the play service for updates. (It sounds far fetched, yes. But it is technically feasible, and many things sound far fetched until we later find out it has been true for a while.) Security (privacy) could only be had when you can trust your computing platform (must be personally owned and controlled), and that is pretty hard to guarantee. (including baseband chipset backdoors, etc...) However, just because something may be hard, doesn't mean we shouldn't strive for it. :) --- So in closing... I figure just a milter that requires all traffic to be encapsulated via any format of PGP / OpenPGP / GNUPG / whateverPG would be a fantastic start. But I'm not so sure about being able to give anyone security through any webmail clients. (heaven forbid that anyone's webmail is actually served off of a VPS in "the cloud" somewhere... and thus subject to court orders given to the company providing the VPS service...) - David :) (putting my tin foil hat back on and releasing the dolphins back to the ocean with my private keys...) On Fri, Aug 09, 2013 at 05:07:26PM -0400, Tim Prepscius wrote: > If you'd like to help me that would be cool.. > > My take on this is this: (these are are not all my ideas, can't take > full credit) > > > We want to get to a state where an e-mail server is easy to set up. > And runs with *non governmental* issued ssl certificates. > Where it provides web-mail (think gmail), iPhone and android. > > > > The meta data problem goes away if the point of failure is spread thin enough. > Basically, you rely that the NSA will not take the chance of sending a > "secret" order to 1000 people with consciences. > If everyone is using non government issued ssl certificates, the > XKeyscore problem goes away. > (only a guess though of course) > > > > The mail client will have pgp mime end-to-end. > The mail server, run by you, or run by a friend of yours, or some > business, will provide a secure means to login for web-mail. > > > .. > > What I'm doing is: > > 1. finishing off getting all of the source on github > 2. this weekend work on deploying easily to an ec2 instance. > > If you'd like to help, you could get it from github > https://github.com/timprepscius/mailiverse > > and try to build things, see what breaks, although I'm sure I'll find > out on my own pretty soon. > > > If you have any expertise in PGP mime, I could use it. Setting up PGP > mime looks like it will be trivial. I just have to figure out what to > do. Which takes longer than writing the code unfortunately. > > -tim > > > > > On 8/9/13, Hans of Guardian <h...@guardianproject.info> wrote: > > > > I think there would be some value to a system like that. It would address a > > lot of real world threats but it will not address large scale government > > monitoring systems, which many governments have (US, China, UK, Iran, etc). > > > > Sounds like you should team up with Tim Prepscius with his system that he's > > been posting about here. > > > > .hc > > > > On Aug 9, 2013, at 2:07 PM, Griffin Boyce wrote: > > > >> This probably sounds very strange, but *what if* someone ran an email > >> service that required that all mails be GPG encrypted? > >> > >> So here's my idea: Barring the honor system, it would require a filter > >> to look at message content to check for PGP headers. And if said > >> headers didn't exist, the message doesn't get sent.[1] There's no "Sent > >> Mail" folder on the server, so if you want a copy, you'd need to have > >> Thunderbird (etc) set up to store them locally. > >> > >> It wouldn't protect from metadata collection, but it would at least > >> (to some extent) protect people from their own poor security decisions > >> while emphasizing that options exist to protect themselves. > >> > >> Considerations: > >> * This assumes that an order would arrive to disable PGP filter and > >> enable a sent folder (eg, this idea assumes metadata is unprotected) > >> > >> * Those playing at home may recognize this as a naive Bayes > >> classifier, given that the presence of PGP headers don't necessarily > >> mean the actual message is encrypted. There are other (heavier) steps > >> that could be taken, like checking for encryption on outbound with SJCL, > >> but I think that probability is on our side here. > >> > >> * In the face of an NSL, the service would realistically either fall > >> back to policy (removing tech-based enforcement by order) or shut down > >> entirely. > >> > >> What does everyone think? Is this totally nuts or what? > >> > >> best, > >> Griffin > >> > >> -- > >> "Cypherpunks write code not flame wars." --Jurre van Bergen > >> #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de > >> <mailto:sa...@jabber.ccc.de> > >> > >> My posts, while frequently amusing, are not representative of the > >> thoughts of my employer.
-- Liberationtech is a public list whose archives are searchable on Google. Persistent violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
