a) sure makes sense.
b-d) if it costs too much, you won't get buy in. Those that care about the cost will comply and participate, those that don't won't use the system "because" of the cost.
e) Agreed. Brings up the question of how do you trust the reputation tracker?
f-h) agreed.

--john


On Wed, Sep 18, 2013 at 4:27 PM, David D <david@7tele.com> wrote:
A slight drift OT...

Email services with limited market penetration, not backed by dollars, and
brutalized by a smear campaign stating that the service is -only- used by
criminals, terrrrrists, etc. will limit its reach quickly.   With a limited
reach you then have a much easier target for the govt.   If I was a deviant
working for the NSA I would create a selector for all people using:
@prism-proof-email.com and spend a great deal of effort trying to break it.
They could also simply seize the domain or deliver a piece of paper
requesting all of the data.

One goal that we should all work for is to have ALL e-mail transport methods
encrypted.   This would create mountains of encrypted data and provide a
level of protection for all email that is now is lacking.   I am
specifically referring to TLS on SMTP, POP3, and IMAP.

This would require education on the systems side, working with the Linux/BSD
distributions to make TLS enabled by default, and to generate the cert/key
on install (unique per install please).

As a real world example...  I received a support ticket response last week
that included account information, logins, etc. and it was delivered to my
mail server without a TLS connection.  Aside from the obvious issue of
sending the data in an e-mail, they are sending all ticket responses
entirely in the clear on port 25.   What year is it?

A similar discussion for HTTP is also worthwhile.   Namely, TLS1.2 available
on all clients (Hello Firefox) and support for TLS1.2/PFS on the server side
(Apache 2.4).


-----Original Message-----
From: cypherpunks [mailto:cypherpunks-bounces@cpunks.org] On Behalf Of Eugen
Leitl
Sent: Wednesday, September 18, 2013 3:35 PM
To: cypherpunks@al-qaeda.net; info@postbiota.org; zs-p2p@zerostate.is
Subject: [Cryptography] prism proof email, namespaces, and anonymity

----- Forwarded message from John Kelsey <crypto.jmk@gmail.com> -----

Date: Fri, 13 Sep 2013 16:55:05 -0400
From: John Kelsey <crypto.jmk@gmail.com>
To: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>
Subject: [Cryptography] prism proof email, namespaces, and anonymity
X-Mailer: iPad Mail (10B329)

Everyone,

The more I think about it, the more important it seems that any anonymous
email like communications system *not* include people who don't want to be
part of it, and have lots of defenses to prevent its anonymous
communications from becoming a nightmare for its participants.  If the goal
is to make PRISM stop working and make the email part of the internet go
dark for spies (which definitely includes a lot more than just US spies!),
then this system has to be something that lots of people will want to use.

There should be multiple defenses against spam and phishing and other nasty
things being sent in this system, with enough designed-in flexibility to
deal with changes in attacker behavior over tome.  If someone can send
participants in the system endless spam or credible death threats, then few
people are going to want to participate, and that diminishes the privacy of
everyone remaining in the system, along with just making the system a blight
in general.  If nonparticipants start getting spam from the system, it will
either be shunned or shut down, and at any rate won't have the kind of
reputation that will move a lot of people onto the system.  An ironclad
anonymous email system with 10,000 users is a whole lot less
privacy-preserving than one with 10,000,000 users.  As revelations of more
and more eavesdropping come out, we might actually see millions of users
want to have something really secure and anonymous, but not if it's widely
seen as a firehose o' spam.

A lot of the tools we use on the net everyday suffer from having been
designed without thinking very far ahead into how they might be exploited or
misused--hence spam, malware in PDF files, browser hijacking sorts of
attacks, etc.  My thought is that we should be thinking of multiple
independent defenses against spamming and malware and all the rest, because
parasites adapt to their environment.  We can't count on "and then you go to
jail" as a final step in any protocol, and we can't count on having some
friendly utility read millions of peoples' mail to filter the spam if we
want this to be secure.  So what can we count on to stop spam and malware
and other nastiness?

Some thoughts off the top of my head.  Note that while I think all these can
be done with crypto somehow, I am not thinking of how to do them yet, except
in very general terms.

a.  You can't freely send messages to me unless you're on my whitelist.

b.  This means an additional step of sending me a request to be added to
your whitelist.  This needs to be costly in something the sender cares
about--money, processing power, reputation, solving a captcha, rate-limits
to these requests, whatever.  (What if the system somehow limited you to
only, say, five outstanding requests at a time?).

c.  Make account creation costly somehow (processing, money, solving a
captcha, whatever).  Or maybe make creating a receive-only account cheap but
make it costly to have an account that can request to communicate with
strangers.

d.  Make sending a message in general cost something.  Let receiver
addresses indicate what proof of payment of the desired cost they require to
accept emails.

e.  Enable some kind of reputation tracking for senders?  I'm not sure if
this would work or be a good idea, but it's worth thinking about.

f.  All this needs to be made flexible, so that as attackers evolve, so can
defenses.  Ideally, my ppe (prism proof email) address would carry an
indication of what proofs your request to communicate needed to carry in
order for me to consider it.

g.  The format of messages needs to be restricted to block malware, both the
kind that wants to take over your machine and the kind that wants to help
the attacker track you down.  Plain text email only?  Some richer format to
allow foreign language support?

h.  Attachments should become links to files in an anonymizing cloud storage
system.  Among other things, this will make it easier to limit the size of
the emails in the system, which is important for ensuring anonymity without
breaking stuff.

What else?  I see this as the defining thing that can kill an anonymous
encrypted communications system--it can become a swamp of spam and malware
and nutcases stalking people, and then nobody sensible will want to come
within a hundred meters of it.  Alternatively, if users are *more* in
control of who contacts them in the prism-proof scheme than with the current
kind of email, we can get a lot more people joining.

Comments?

--John

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5