-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2014.06.14 22.31, Trevor Perrin wrote: > Some e2e messaging protocols make use of Tor Hidden Services. > It's interesting to think about what value this adds: > > In Cables [1] and the (work-in-progress) SMTorP [2], recipients > can run their own Tor Hidden Service. So if you're online, > messages can be delivered directly to you without needing a mailbox > server.
In the past, we've talked about having an optional untrusted proxy within SMTorP, either for sending or receiving, mostly to deal with the purely practical problem of both users not being online at the same time. Our preference had been use the proxy on the sending side, as that way the sender can see when their message actually reached the receiver's mailpile, which we feel broadly maps to existing user expectations with respect to email behavior. A receive proxy is also possible, which would hide user online state (assuming it's running on a VPS), but would also alter system behavior in a way which may be undesirable otherwise. The goal with SMTorP is to provide as much unlinkability as possible without requiring significant new infrastructure. The mapping between a hidden service address and a conventional email address is not intended to be private, and thus a sufficiently capable observer will be able to determine when that user receives mail (and, barring a receive proxy, when they're online, if they test actively), but not necessarily which user sent the mail. This is not perfect, but it's a significant improvement over the status quo, and it retains the ability to use email for near-realtime alerting (think Nagios) and similar functions for which email is used by real users. This maps to the overall mailpile goal of improving email security as much as possible within the context of a modern mail client that meets user expectations about how email works and interoperates gracefully with existing global infrastructure. E. - -- Ideas are my favorite toys. -----BEGIN PGP SIGNATURE----- iF4EAREIAAYFAlOgPNMACgkQQwkE2RkM0wrLTQD+OWitLyZDnbXN6Gx0kudjPFqz ICIK6awuPZSQ0JsuRs0BAJKqWIkN902/5s9ZTxBVvZNbeiC1llrZtbt6kBkVpj0z =1gk7 -----END PGP SIGNATURE----- _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
