I'd like to respond to this just a bit.

1.  Requiring PGP without giving a user-centric means of using PGP
doesn't actually solve anything.

It's like telling an adult they have to eat stinky tofu.  If they love
stinky tofu then fine, but if they don't, there is no way it's going
to happen.
I would guess that 0.01% of people LIKE the Thunderbird experience.
Whereas I would guess 90% like Gmail.

Also, getting people to download and install software is very
difficult these days.



2. web mail security:

I think web mail security can be better than you think.

What is necessary for security?  Code not being tampered with.
Can you verify code has not been tampered with?  Yes (up to a point of course).

Retrieval and protection of keys from a central server.
I believe my scheme is viable.  I believe there is no way for any
agency to do mass surveillance by cracking tens of thousands of
keys to read e-mail.  It probably is possible to break a single user,
but nothing can protect a "single user" from the NSA/FBI/CIA.  (Did
you recognize the utility man who came last time?  No?  Well, you might
have a key-logger, or a camera might be in your room.)

I could be wrong of course, but if I'm wrong, I think someone will fix it.



3.  Also, I think it is important to understand the limits of "cloud
service back doors."

Let's say that you only used the cloud to store encrypted files.
And you used your own personal computer to run the mail server, static
IP proxying off an EC2 instance.
(This is best, I think.)

It wouldn't matter if the cloud was "a threat" because everything is
encrypted anyway.
I mean "wouldn't matter" means "sort of wouldn't matter": there is
always metadata, file size, file write time, etc.


Ahh... I see, I wrote that I was setting up the deploy to go to an EC2
instance.  This gave the wrong impression, perhaps.
I don't have any free machines at the moment, and zero disk space,
weirdly, so I'm going to use EC2 instances to test.


--

Anyway, super tired; hope my rambling isn't too incoherent.

Cheers,

-tim


On 8/9/13, David Holl <da...@ad5ey.net> wrote:
> ooh, I love this discussion.  I'll drop in my quick points, and would love
> to hear other perspectives.
>
> 2 points:
>
> 1)  Is there a "milter" that could be plugged into existing SMTP servers
> (sendmail, Postfix, ...) that could require OpenPGP encapsulation, and
> immediately reject messages back to the sender upon receipt of unprotected
> email?  (Heck, maybe the message doesn't even have to be signed or encrypted,
> but just require the minimum that it has either the proper PGP/MIME
> encapsulation or an "inline-format" ASCII-armored format.)
>
> If such a milter does not exist, we could create one.  Being a "milter"
> means this code could be plugged into a variety of existing SMTP servers
> that are already deployed.
>
>
> 2)  Sorry, but isn't any mail service that runs a web front-end subject to
> its country's government stepping in and requiring backdoors or other means
> of tampering with the web code that's sent to customers' browsers?  (i.e., is
> there any technical reason that a web-based email provider could not comply
> with a secret order to insert backdoors into code sent from centrally
> controlled web servers to the clients?)
>
> Heck, even downloading apps off Google Play doesn't "feel" secure.  It is
> technically feasible that Google could comply with a court order to inject a
> backdoor into a third-party's app (or their own app) for when only 1 user's
> phone automatically probes the play service for updates.  (It sounds far
> fetched, yes.  But it is technically feasible, and many things sound far
> fetched until we later find out it has been true for a while.)
>
> Security (privacy) could only be had when you can trust your computing
> platform (must be personally owned and controlled), and that is pretty hard
> to guarantee.  (including baseband chipset backdoors, etc...)  However, just
> because something may be hard, doesn't mean we shouldn't strive for it.  :)
>
>
> --- So in closing...
>
> I figure just a milter that requires all traffic to be encapsulated via any
> format of PGP / OpenPGP / GNUPG / whateverPG would be a fantastic start.
> But I'm not so sure about being able to give anyone security through any
> webmail clients.  (heaven forbid that anyone's webmail is actually served
> off of a VPS in "the cloud" somewhere... and thus subject to court orders
> given to the company providing the VPS service...)
>
>
> - David  :)
> (putting my tin foil hat back on and releasing the dolphins back to the
> ocean with my private keys...)
>
>
> On Fri, Aug 09, 2013 at 05:07:26PM -0400, Tim Prepscius wrote:
>> If you'd like to help me that would be cool..
>>
>> My take on this is this:  (these are not all my ideas, can't take
>> full credit)
>>
>>
>> We want to get to a state where an e-mail server is easy to set up.
>> And runs with *non-governmentally* issued SSL certificates.
>> Where it provides web-mail (think Gmail), iPhone and Android.
>>
>>
>>
>> The meta data problem goes away if the point of failure is spread thin
>> enough.
>> Basically, you rely that the NSA will not take the chance of sending a
>> "secret" order to 1000 people with consciences.
>> If everyone is using non-government-issued SSL certificates, the
>> XKeyscore problem goes away.
>> (only a guess though of course)
>>
>>
>>
>> The mail client will have PGP/MIME end-to-end.
>> The mail server, run by you, or run by a friend of yours, or some
>> business, will provide a secure means to login for web-mail.
>>
>>
>> ..
>>
>> What I'm doing is:
>>
>> 1. finishing off getting all of the source on github
>> 2. this weekend work on deploying easily to an EC2 instance.
>>
>> If you'd like to help, you could get it from github
>> https://github.com/timprepscius/mailiverse
>>
>> and try to build things, see what breaks, although I'm sure I'll find
>> out on my own pretty soon.
>>
>>
>> If you have any expertise in PGP/MIME, I could use it.  Setting up PGP/MIME
>> looks like it will be trivial.  I just have to figure out what to
>> do.  Which takes longer than writing the code, unfortunately.
>>
>> -tim
>>
>>
>>
>>
>> On 8/9/13, Hans of Guardian <h...@guardianproject.info> wrote:
>> >
>> > I think there would be some value to a system like that.  It would
>> > address a lot of real-world threats, but it will not address large-scale
>> > government monitoring systems, which many governments have (US, China,
>> > UK, Iran, etc).
>> >
>> > Sounds like you should team up with Tim Prepscius with his system that
>> > he's been posting about here.
>> >
>> > .hc
>> >
>> > On Aug 9, 2013, at 2:07 PM, Griffin Boyce wrote:
>> >
>> >>  This probably sounds very strange, but *what if* someone ran an email
>> >> service that required that all mails be GPG encrypted?
>> >>
>> >>  So here's my idea: Barring the honor system, it would require a filter
>> >> to look at message content to check for PGP headers.  And if said
>> >> headers didn't exist, the message doesn't get sent.[1] There's no "Sent
>> >> Mail" folder on the server, so if you want a copy, you'd need to have
>> >> Thunderbird (etc) set up to store them locally.
>> >>
>> >>  It wouldn't protect from metadata collection, but it would at least
>> >> (to some extent) protect people from their own poor security decisions
>> >> while emphasizing that options exist to protect themselves.
>> >>
>> >> Considerations:
>> >>    * This assumes that an order would arrive to disable the PGP filter and
>> >> enable a sent folder (e.g., this idea assumes metadata is unprotected)
>> >>
>> >>    * Those playing at home may recognize this as a naive Bayes
>> >> classifier, given that the presence of PGP headers doesn't necessarily
>> >> mean the actual message is encrypted. There are other (heavier) steps
>> >> that could be taken, like checking for encryption on outbound with SJCL,
>> >> but I think that probability is on our side here.
>> >>
>> >>    * In the face of an NSL, the service would realistically either fall
>> >> back to policy (removing tech-based enforcement by order) or shut down
>> >> entirely.
>> >>
>> >>  What does everyone think? Is this totally nuts or what?
>> >>
>> >> best,
>> >> Griffin
>> >>
>> >> --
>> >> "Cypherpunks write code not flame wars." --Jurre van Bergen
>> >> #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
>> >>
>> >> My posts, while frequently amusing, are not representative of the
>> >> thoughts of my employer.
>
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Persistent violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech
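Editor's added example (not code from this thread and not from the mailiverse project): the check a "require OpenPGP" milter as David describes would run on each outbound message, built to address Griffin's caveat that PGP headers alone don't prove a message is encrypted.  It recognises RFC 3156 PGP/MIME (multipart/encrypted and multipart/signed) and inline ASCII armor, and, going one step beyond what the thread describes, decodes the armor, verifies the radix-64 CRC and looks at the first OpenPGP packet tag to tell real ciphertext from a signed-only message or a block that merely looks like PGP.  The policy names ("encrypted", "any"), the 550 reply text, the sample messages and the placeholder packet bodies are all assumptions made for the example; a real milter would call decide() from its end-of-message callback.

```python
"""Added example: the check an outbound "require OpenPGP" filter would run, one step past
"does it have PGP headers".  Not from the thread or mailiverse; names and samples are assumed."""
import base64, binascii, re
from email import message_from_bytes
MESSAGE_RE = re.compile(r"-----BEGIN PGP MESSAGE-----\r?\n(.*?)^-----END PGP MESSAGE-----", re.S | re.M)
# RFC 4880 tags opening ciphertext (PKESK, SKESK, SED, SEIPD) vs. signed-only data (sig, one-pass, compressed)
ENCRYPTED_FIRST_TAGS, SIGNED_FIRST_TAGS = {1, 3, 9, 18}, {2, 4, 8}

def crc24(data: bytes) -> int:
    """Radix-64 CRC, RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def armor(packets: bytes) -> str:
    """ASCII-armor binary packets (used here only to build the constructed samples)."""
    b64 = base64.b64encode(packets).decode()
    crc = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP MESSAGE-----\n\n{b64}\n={crc}\n-----END PGP MESSAGE-----\n"

def dearmor(inner: str):
    """Packets between the BEGIN/END lines, or None if the armor or its CRC is bad."""
    lines = [l.strip() for l in inner.splitlines()]
    start = lines.index("") + 1 if "" in lines else 0            # skip armor headers
    b64 = "".join(l for l in lines[start:] if not l.startswith("="))
    crc_line = next((l[1:] for l in lines[start:] if l.startswith("=")), None)
    try:
        packets = base64.b64decode(b64, validate=True)
        crc = int.from_bytes(base64.b64decode(crc_line, validate=True), "big") if crc_line else None
    except (binascii.Error, ValueError):
        return None
    return packets if packets and crc in (None, crc24(packets)) else None

def first_packet_tag(packets: bytes):
    """Tag of the first OpenPGP packet, None if the first byte is not a packet header."""
    if not packets or not packets[0] & 0x80:
        return None
    return packets[0] & 0x3F if packets[0] & 0x40 else (packets[0] >> 2) & 0x0F

def armored_kind(inner: str, inspect: bool) -> str:
    """'encrypted', 'signed' or 'unprotected' for the body of one BEGIN PGP MESSAGE block."""
    if not inspect:                                              # header-only: trust the BEGIN line
        return "encrypted"
    tag = first_packet_tag(dearmor(inner) or b"")
    if tag in ENCRYPTED_FIRST_TAGS:
        return "encrypted"
    return "signed" if tag in SIGNED_FIRST_TAGS else "unprotected"

def classify(raw: bytes, inspect_packets: bool = False) -> str:
    """'pgp-mime-encrypted', 'pgp-mime-signed', 'inline-encrypted', 'inline-signed' or
    'unprotected'; inspect_packets=True also checks that the armor really starts ciphertext."""
    msg = message_from_bytes(raw)
    ctype, proto = msg.get_content_type(), str(msg.get_param("protocol") or "").lower()
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        parts = msg.get_payload()                                # RFC 3156: exactly two parts
        if (isinstance(parts, list) and len(parts) == 2
                and parts[0].get_content_type() == "application/pgp-encrypted"
                and parts[1].get_content_type() == "application/octet-stream"):
            m = MESSAGE_RE.search(parts[1].get_payload(decode=True).decode("ascii", "replace"))
            if m and armored_kind(m.group(1), inspect_packets) == "encrypted":
                return "pgp-mime-encrypted"
        return "unprotected"
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        return "pgp-mime-signed"
    best = "unprotected"
    for part in msg.walk():                                      # inline PGP in any text part
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        kinds = [armored_kind(m.group(1), inspect_packets) for m in MESSAGE_RE.finditer(text)]
        if "encrypted" in kinds:
            return "inline-encrypted"
        if "signed" in kinds or "-----BEGIN PGP SIGNED MESSAGE-----" in text:
            best = "inline-signed"
    return best

def decide(raw: bytes, policy: str = "encrypted"):
    """(accept, reason): 'encrypted' lets only encrypted mail out, 'any' also signed-only mail."""
    kind = classify(raw, inspect_packets=True)
    if kind.endswith("encrypted") or (policy == "any" and kind.endswith("signed")):
        return True, kind
    return False, f"550 5.7.1 message is {kind}; OpenPGP protection required"

# Constructed samples, not real ciphertext: new-format packet headers (0xC0 | tag) for a
# PKESK (tag 1) and a one-pass signature (tag 4), each followed by a placeholder 13-byte body.
ENCRYPTED_ARMOR = armor(b"\xc1\x0d\x03" + b"\x11" * 8 + b"\x01\x00\x07\x42")
SIGNED_ARMOR = armor(b"\xc4\x0d\x03\x00\x08\x01" + b"\x11" * 8 + b"\x01")
HDR = "From: alice@example.org\nTo: bob@example.org\n"
PGP_MIME_SAMPLE = (HDR + 'Content-Type: multipart/encrypted; boundary="b1"; protocol="application/pgp-encrypted"\n\n'
                   "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
                   "--b1\nContent-Type: application/octet-stream\n\n" + ENCRYPTED_ARMOR + "--b1--\n").encode()
INLINE_SAMPLE = (HDR + "Content-Type: text/plain\n\n" + ENCRYPTED_ARMOR).encode()
BOGUS_SAMPLE = (HDR + "Content-Type: text/plain\n\n-----BEGIN PGP MESSAGE-----\n\nhello world\n"
                "-----END PGP MESSAGE-----\n").encode()          # passes a header check, is not OpenPGP

if __name__ == "__main__":
    for raw in (PGP_MIME_SAMPLE, INLINE_SAMPLE, BOGUS_SAMPLE):
        print(classify(raw), classify(raw, inspect_packets=True), decide(raw))
```

Run as-is, the bogus sample is accepted by the header-only check (classify(raw) says "inline-encrypted") and rejected once packets are inspected, which is exactly the gap Griffin's "naive Bayes" remark points at.  Metadata (sender, recipient, size, timing) is of course still visible to the server either way, as the thread already notes.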
