Hi Bjarni, On Sun, Jun 22, 2014 at 2:18 AM, Bjarni Runar Einarsson <[email protected]> wrote: > > Peoples' expectations from e-mail are indeed very low today. The user > experience of e-mail is badly broken today and relays doing surprising > things (in the name of security or spam protection) are the main reason > why.
Dunno about that, I thought most people's experience with email was pretty good. > Regarding relay servers vs. direct p2p, and protection of the social > graph: I think the idea that monitoring the entire Tor network is > somehow easier than compromising a few relay servers and simply > watching the logs, to be patently ludicrous. :-) You're overstating the attacker effort for "traffic confirmation" / "end-to-end correlation". The attacker doesn't monitor the entire Tor network, they just have to monitor the traffic between you and Tor, and between one of your correspondents and Tor. For example if you exchange SMTorP mail with someone using the same ISP, your ISP could see this. It's worse if one party is a server with intermittent uptime, like SMTorP on a laptop. The attacker can monitor one party's traffic and see when they are polling for a recipient to come online, then correlate that with recipient uptimes. You're also overstating what compromising a relay and "watching the logs" gets you. If senders are contacting relays over Tor and encrypting metadata, then compromising the relay doesn't reveal relationships. The attacker would still have to break Tor to discover the sender. So relays aren't an alternative to Tor, they can be additive (e.g. Pond). > Regarding case for/against send vs. receive relays in SMTorP [...] > Since SMTorP addresses are just [email protected], if you use a > receive relay then the relay operator owns your e-mail address, making > him a middle man you cannot get rid of As Brian points out, that's not strictly true. With SMTP, the domain owner can change the MX to a different relay. I don't know if you can use a public key to redirect to a hidden service in Tor's DHT, but in principle it's possible. (BitTorrent has also talked about using pubkeys as identities, and a DHT for user lookup, it will be interesting to see what they come up with: http://engineering.bittorrent.com/2013/12/19/update-on-bittorrent-chat/ http://blog.bittorrent.com/2014/06/11/bittorrent-chat-the-want-for-privacy/ ) Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
