Little proprietary walled gardens are absolutely not the answer for this problem.
How could we make a secure solution that plays nicely with the current tools without disturbing too much what is already established?
By writing a gateway (i.e. between RetroShare and e-mail)?
The gateway idea is interesting, but it has to be efficient enough and low cost enough for people to switch over. Something like bitmessage is not.
I actually think, having used it for some time and liking it on the whole, that Retroshare isn't suited to this. The primary reason is RS only receives mail if the sender and recipient are online at the same time. There's no store-and-forward, even though all messages are PGP encrypted to recipients. RS also has a lot of feature-bloat; it's better thought of as P2P Facebook than a simple communication system. Finally, RS is engineered to a simple and admirable purpose which makes it unsuited to email replacement; it's Friend to Friend.

That's great in its use-case, but I think email should be:

1) Rapid and censorship-resilient routing
2) Single canonical addresses for each participant, which are human-readable.
3) Churn-tolerant
4) Expensive to send, to deter spam otherwise facilitated by (1)
5) Practical for payloads between 10M and 20M, no greater.

I do *not* think the core of a replacement email should guarantee anonymity, but the protocol should make allowances for that if possible.

I think the above could be satisfied using a pseudo-blockchain for name->key mappings, and a key-routed DHT for creating routes for mail delivery. Credit is earned by routing other people's mail in store-and-forward fashion, like email. Credit can be spent to register new mail address:key mappings and to pay for routing of larger messages, or to prolong retention of messages before they bounce (if your intended recipient does not run a high-uptime mailserver and may need a day or two to log in).

That resembles Twister, the coupling of DHT:Blockchain, but may be better suited to the model than Twister is (because Twister hit problems with scaling DHT use to many followers, I think), because email is slower and stabler than microstatus systems; more amenable to P2P-isation, whereas rapid updates coupled with mass-queries to other feeds is a setup better suited to a client:server interaction.

The blockchain would need tweaking, because Twister is using scrypt, which is now apparently ASIC-able, e.g. useless. I think a password encrypting function whose parameters are set dynamically by the value of the prior block might help fix matters; the goal is for the ideal "ASIC" for the function to be a consumer CPU, not a GPU or dedicated ASIC.

Anyway, sorry for the wall of text. Killing/replacing email is often on my mind.

On 15/05/14 13:36, tpb-crypto@laposte.net wrote:
Message of 13/05/14 05:55 From: "grarpamp" To: cypherpunks@cpunks.org Cc: p2p-hackers@lists.zooko.com, cryptography@randombit.net Subject: Re: [cryptography] The next gen P2P secure email solution
On Fri, May 9, 2014 at 11:49 AM, rysiek wrote:
On Tuesday, 22 April 2014 20:58:50 tpb-crypto@laposte.net wrote:
Although technical solutions are feasible
Then do it and see what happens.
we ought to consider some things: - Email is older than the web itself;
So is TCP/IP and the transistor. Irrelevant.
You clearly did not get the point, but let's move along your argument.
- Email has three times as many users as all social networks combined;
And how did those nets get any users when 'email' was supposedly working just fine?
E-mail not allowing one to make his ego appreciated and envied in a structured nicely formatted page maybe?
- Email is entrenched in the offices, many a business is powered by it;
They are powered by authorized access to and useful end use of message content, not by email. That's not going anywhere, only the intermediate transport is being redesigned.
Can you recode Outlook, Eudora and other closed source stuff people use(d) for e-mail handling for business? No? Well, that answers why it is hard to remove.
Given the enormous energy necessary to remove such an appliance and replace
Removal is different from introducing competitive alternatives.
Little proprietary walled gardens are absolutely not the answer for this problem.
it with something better. How could we make a secure solution that plays nicely with the current tools without disturbing too much what is already established?
By writing a gateway (i.e. between RetroShare and e-mail)?
The gateway idea is interesting, but it has to be efficient enough and low cost enough for people to switch over. Something like bitmessage is not.
MUAs become file readers and composers. They hand off to a localhost daemon that recognizes different address formats of the network[s] and does the right thing. Perhaps they compile against additional necessary network/crypto libs. Whatever it is, those are not a big change. Ditching centralized SMTP transport in the clear is... and for the better.
http://arstechnica.com/security/2014/05/good-news-for-privacy-fewer-servers-...
I think that answers your concern about SMTP transport in the clear; in less than one year the darkest bar in that chart will be close to 100%. If 80% of hosts demand strict encrypted transport, it will force the other 20% to change. Considering the Snowden revelations and the fact that one year ago we barely used encrypted transport, having 1/4 already and accelerating is a good prospect.
Reread the threads, forget about that old SMTP box, think new.
Fixing the problem is better than overhauling all offices in the world; you clearly haven't been in many offices in your life.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
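
The proof-of-work idea from the reply at the top of this message (a memory-hard function whose parameters are set by the prior block), sketched as an added example that is not part of the original post or of Twister. scrypt stands in for the unnamed function, and the parameter ranges, function names and nonce encoding are assumptions made for illustration.

```python
import hashlib

# Assumed parameter ranges (not from the post); worst case is about 8 MiB.
N_CHOICES = (2**10, 2**11, 2**12, 2**13)   # scrypt CPU/memory cost
R_CHOICES = (4, 5, 6, 7, 8)                # scrypt block size

def params_from_block(prev_hash: bytes) -> dict:
    """Derive the scrypt cost parameters from the prior block's hash, so
    the memory footprint of the work changes from block to block."""
    return {"n": N_CHOICES[prev_hash[0] % len(N_CHOICES)],
            "r": R_CHOICES[prev_hash[1] % len(R_CHOICES)],
            "p": 1}

def pow_digest(prev_hash: bytes, payload: bytes, nonce: int) -> bytes:
    """One proof-of-work attempt, salted with the prior block hash."""
    return hashlib.scrypt(payload + nonce.to_bytes(8, "big"),
                          salt=prev_hash, dklen=32,
                          **params_from_block(prev_hash))

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mine(prev_hash: bytes, payload: bytes, difficulty_bits: int) -> int:
    """Search nonces from 0 until the digest meets the difficulty target."""
    nonce = 0
    while leading_zero_bits(pow_digest(prev_hash, payload, nonce)) < difficulty_bits:
        nonce += 1
    return nonce

def verify(prev_hash: bytes, payload: bytes, nonce: int, difficulty_bits: int) -> bool:
    """A verifier recomputes one digest with the parameters the prior block
    dictates; work done under other parameters does not carry over."""
    return leading_zero_bits(pow_digest(prev_hash, payload, nonce)) >= difficulty_bits

if __name__ == "__main__":
    # Constructed sample data: a made-up genesis hash and name->key record.
    prev = hashlib.sha256(b"constructed genesis block").digest()
    record = b"alice -> constructed-public-key"
    nonce = mine(prev, record, difficulty_bits=6)
    print(params_from_block(prev), nonce, verify(prev, record, nonce, 6))
```
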