On Wed, Oct 3, 2012 at 3:52 AM, Brian Conley <brianc@smallworldnews.tv> wrote:

I am immediately suspicious of any service advertising simple easy encrypted email

Why? The notion that easy encrypted email is hard is a myth, perhaps resulting from people being trapped inside the concept of using PGP and its non-scalable b web of trustb. LibertC) Linux implements cables communication [1], which provides just that b easy encrypted email. The catch is that there is no interoperability with SMTP, and there are no easy-to-remember usernames.

but perhaps someone here can offer a coherent reply based on their privacy policy or other info as to why this should not be trusted?

From going over the security summary [2], I don't see why CryptoHeaven's servers can't trivially MITM retrieval of recipient's public key:

b The public portion of the key is then sent to the server where it can be picked up by others connecting to the system.b

From Security FAQ [3]:

b CryptoHeaven manages public keys automatically and securely. User simply allows others to communicate with him through the use of "Contacts" within the CryptoHeaven system. The system takes care of the exchange of the public keys automatically.b The underlying problem is that the username (apparently) does not include a hash of the public key. It is possible that user ID mentioned in b How can I verify that I am sending messages to whom I think I am?b entry in the FAQ is such a hash, but it is not clear from the brief description. It is also not clear whether the server can decide to make a message disappear b i.e., are there mandatory authenticated receipts? And of course, due to the centralized nature of the system, CryptoHeaven can perform traffic analysis, building social networks of correspondents, etc. I am also not sure why they mention b non-repudiation and anonymityb in the FAQ. Non-repudiation is seen as problematic in encrypted communications nowadays (together with lack of perfect forward secrecy, which seems to be an attribute of the protocol as well), and is differentiated from communication authenticity per se (e.g., see OTR [4]). The claim of anonymity looks like an overstatement. All of the above is written based on high-level descriptions on CryptoHeaven website b I didn't look at the code (which is available [5]), so some points could be incorrect. [1] http://dee.su/cables [2] http://www.cryptoheaven.com/Security/security-encrypted-email.htm [3] http://www.cryptoheaven.com/Security/SecurityFAQ.htm [4] http://www.cypherpunks.ca/otr/ [5] http://www.cryptoheaven.com/Download/Files/CryptoHeaven-SourceCode.jar -- Maxim Kammerer LibertC) Linux: http://dee.su/liberte -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE