Hey Trevor, everyone, Thanks for taking a look at SMTorP!
The points you raised in your previous mail are quite valid - real-time p2p communication has very different properties from store-and-forward based systems and is vulnerable to different classes of attacks and different types of abuse. For some users, real-time direct delivery of messages may leak too much information. It may also be too unreliable, if schedules don't match and people aren't online at the same time often enough for the message exchange to actually take place. However, for many the opposite is true. If you are not concerned with anonymity and are more or less always online, then the fact that your Tor hidden service is reachable leaks no information and you reap quite measurable benefits from being able to cut out all the middle-men who might listen in, mis-classify as spam, arbitrarily delay or otherwise interfere with your mail. Today sending e-mail is a like a lottery with very good odds - usually you win, and usually the message delivered. But not always, and when you lose there is no feedback at all. Mail just disappears, thanks to spam filters everywhere. If we can address that problem and improve security at the same time, then we've improved e-mail quite significantly. I think the fact that we are using Tor and Tor hidden services for this sometimes confuses people, as it leads to the assumption that anonymity must be one of our primary goals. But that is not actually the case. SMTorP is primarily focused on decentralization and establishing secure and private channels over which users exchange normal, non-anonymous, e-mail. Just like with regular e-mail, if used carefully, anonymity may be achieved, but that isn't our main goal here. I am quite excited about SMTorP, because although it is not perfect, it is very easy to implement and deploy and it can be configured for both scenarios - p2p or store-and-forward. So if you need anonymity or high availability, you use a shared relay or even a sequence of relays. If you want to be sure that you are communicating directly without any middle-man, you run the hidden service yourself. My greatest concern about the p2p mode of SMTorP is actually the classic sysadmin concern that an exposed service is more vulnerable to direct attacks - if you run a Tor hidden service then people can connect to that and try to break it. Who needs timing attacks, if they can just 'sploit your Mailpile's built-in SMTP server and read all your mail? But hey, fixing that is a mere matter of programming, right? ;-) Cheers! - Bjarni
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
