On 2013-08-30, Jon Callas wrote:
> The crypto is the easy part. The hard part is the traffic analysis, of which the worst part is the Received headers.
So, how would one go about a gateway which strips all of it on the way into/out of an onion router, without jeopardizing that basic functionality which can at all survive after anonymization? At least to me it would seem that you can't adopt a firewall mindset where you just blacklist/shave-off certain features and options. If you want to be certain, you'll have to have an exacting parser which only accepts as an input language something "clean". Probably on the pain of rejecting a whole lot of otherwise common or even valid emails and such. Has anybody tried to write a truly anal parser/normaliser/rejecter to date?
> There are plenty of other leaks like Message-ID, Mime-Version, X-Mailer, the actual separators in MIME part breaks, and so on.
All except Message-ID can be dropped without jeopardizing service. Message-ID, well, that's just such a basic part of the service that you'd have to go with zero knowledge proofs in a funky and expensive way if you wanted to get rid of that one.
> It's absolutely correct that some combination of VPNs, Tor, remailers of whatever stripe, and so on can help with this, but we're all lazy and we don't do it all the time.
We need them *too*. Doesn't mean we shouldn't sanitise our outgoing (and incoming, because of replies) email all the same. Automatically. With minimum hassle. On as many platforms as needed.
> What we're learning from Snowden is that they're doing traffic analysis -- analyzing movements, social graphs, and so on and so forth.
True Names. They're now there. So let's deal with the problem.
> The problem isn't the crypto, it's SMTP.
Yes, SMTP is the basest problem. It's difficult to get around envelope addresses in the clear and all that. But above you talked about something within the protocol which *can* be sanitised. Let's do that, programmatically, at least, and right now. After that, it's suddenly *much* easier to deal with the address on the envelope.

-- 
Sampo Syreeni, aka decoy - decoy@iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
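An added sketch, not part of the original post and not code from either correspondent, of the accept-only-clean-input gateway discussed above: it rebuilds the message from an allowlist instead of stripping known-bad headers, and rejects anything outside its narrow input language. The allowlist, the `gateway.invalid` domain, the value pattern and the choice to regenerate Message-ID are all assumptions of this example.

```python
import re
import secrets
from email import message_from_bytes, policy
from email.message import EmailMessage

ALLOWED = ("From", "To", "Subject", "Date")   # assumed allowlist for this sketch
GATEWAY_DOMAIN = "gateway.invalid"            # placeholder domain (assumption)
CLEAN_VALUE = re.compile(r"[\x20-\x7e]{1,200}")  # printable ASCII, bounded length

# Constructed sample message, not taken from real traffic.
SAMPLE = (b"Received: from laptop.example.org by mx.example.org; "
          b"Fri, 30 Aug 2013 10:00:00 +0000\n"
          b"Message-ID: <1234.abcd@laptop.example.org>\n"
          b"X-Mailer: ExampleMailer 1.0\n"
          b"Mime-Version: 1.0\n"
          b"From: Alice <alice@example.org>\n"
          b"To: Bob <bob@example.net>\n"
          b"Subject: lunch\n"
          b"Date: Fri, 30 Aug 2013 10:00:00 +0000\n"
          b"\n"
          b"Hello Bob\n")

class Rejected(ValueError):
    """The message is outside the accepted input language."""

def sanitise(raw: bytes) -> bytes:
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.defects:
        raise Rejected("parser reported defects")
    # Part separators are a fingerprint: accept only one text/plain body.
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        raise Rejected("only single-part text/plain is accepted")
    out = EmailMessage(policy=policy.SMTP)
    for name in ALLOWED:
        values = msg.get_all(name, [])
        if len(values) > 1:
            raise Rejected(f"duplicate {name} header")
        if values:
            if not CLEAN_VALUE.fullmatch(str(values[0])):
                raise Rejected(f"{name} value is not clean")
            out[name] = str(values[0])
    if "From" not in out or "To" not in out:
        raise Rejected("From and To are required")
    # Message-ID stays, but with fresh random content (breaks threading unless
    # the gateway keeps a mapping, which this sketch does not).
    out["Message-ID"] = f"<{secrets.token_hex(16)}@{GATEWAY_DOMAIN}>"
    # set_content emits the same fixed MIME headers for every message.
    out.set_content(msg.get_content())
    return out.as_bytes()
```

Calling `sanitise(SAMPLE)` returns the rebuilt message; a multipart or non-ASCII message raises `Rejected` rather than being repaired, which is the cost the post anticipates.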