IMAP and webmail make it easy to access your mail on two or more
machines, and have all your folders stay in sync. Encryption tends to
break that: your inbox might work across machines, but your Sent Items
and personal folders tend to be stuck on one machine.

Confidant Mail 0.24 has a solution for that problem. You can have the
same GPG key on two or more machines. Using a secure replication
protocol, your sent items, read status of incoming mail, personal
folders, and deletions are all automatically copied to the other
machines. This provides an IMAP-like experience with encrypted mail.

I am looking for advice on how to implement a mobile client:

Option A is to re-create the current client functionality for the mobile
platforms. That is a lot of work, and I am not experienced in mobile
programming. There is a port of gpg to Android, but I don't know how
good it is. I know zero about Apple.

This has disadvantages: for example, if I receive a 1GB message at home,
there is no way for the phone to get only part of that message. It needs
the whole message to check the signature.

The worst problem, however, is that you are carrying your private key
around with you. Phones are not secure and cannot be made secure. The
carrier has root on the phone, whether you do or not. Phones are easy to
physically take, and do not have trustworthy encryption. I do not want
my GPG key on my phone.

Option B is three-tier client server. Your PC at home has the private
key, and talks to the Confidant Mail server. It also exposes a port
which the phone accesses over a secure connection. The phone can request
parts of messages, and the PC does the GPG encryption and decryption.

This has the advantage that the phone client is smaller, the big message
problem is solved, and the exposed key problem is solved. The middleware
on the PC could have constraints such as not allowing the whole mailbox
to be downloaded, and logging itself out after some number of failed
remote access attempts.

The downside is you need a PC running, you need to be smart enough to
expose a port, and the PC is sitting there unattended, with the private
key in memory, waiting for someone to come and grab it.

Option C is a mobile web client. Similar to B, but instead of a
client-server protocol, it uses HTTPS and generates mobile friendly HTML.
Advantages relative to B are that one client supports all the mobile
platforms, and there is no mobile code to write. Disadvantage is that
the mobile browser is pretty easy to hack, and there is likely plaintext
cached in the phone at any given time.

Anyone who needs strong security probably should not use a mobile
device. However, many people will want access to Confidant Mail on their
phones. Do you have an opinion on the right way to provide it?

http://www.confidantmail.org/forums/index.php?topic=27.msg47
Mike Ingle
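
The two middleware constraints mentioned under Option B (no whole-mailbox download, and logging out after some number of failed remote access attempts) can be sketched as a small policy layer. This is an added example, not part of the original post and not Confidant Mail code; `RemoteAccessGate`, its parameters, the token check and the in-memory mailbox are all assumptions made for illustration.

```python
import hmac

class GateLocked(Exception):
    """Raised once the gate has logged itself out; only a local unlock resets it."""

class RemoteAccessGate:
    """Hypothetical policy layer between the phone and the PC that holds the key."""
    def __init__(self, token, decrypt_part, max_failures=3, byte_budget=5_000_000):
        self._token = token.encode()
        self._decrypt_part = decrypt_part  # callable(msg_id, offset, length) -> bytes
        self.max_failures = max_failures
        self.byte_budget = byte_budget     # cap on plaintext served per local unlock
        self.failures = self.served = 0
        self.locked = False

    def fetch(self, presented_token, msg_id, offset, length):
        if self.locked:
            raise GateLocked("gate is logged out")
        # Constant-time comparison so the check does not leak token prefixes.
        if not hmac.compare_digest(presented_token.encode(), self._token):
            self.failures += 1
            if self.failures >= self.max_failures:
                # Log out: drop the decryption handle so no more plaintext
                # can be produced until someone unlocks the PC locally.
                self._decrypt_part, self.locked = None, True
            raise PermissionError("bad token")
        if offset < 0 or length <= 0 or self.served + length > self.byte_budget:
            raise ValueError("request exceeds remaining download budget")
        data = self._decrypt_part(msg_id, offset, length)
        self.served += len(data)
        return data

# Constructed stand-in for the PC decrypting a message and returning one part.
_MAILBOX = {"m1": b"A" * 4000, "m2": b"B" * 4000}

def demo_decrypt(msg_id, offset, length):
    return _MAILBOX[msg_id][offset:offset + length]

def run_demo():
    gate = RemoteAccessGate("constructed-token", demo_decrypt, byte_budget=5000)
    out = [len(gate.fetch("constructed-token", "m1", 0, 4000))]
    # A second message would exceed the budget, then three bad tokens, then a good one.
    for token in ["constructed-token", "wrong", "wrong", "wrong", "constructed-token"]:
        try:
            gate.fetch(token, "m2", 0, 4000)
        except (ValueError, PermissionError, GateLocked) as exc:
            out.append(type(exc).__name__)
    return out

if __name__ == "__main__":
    print(run_demo())
```

After the third bad token the gate refuses even a correct token, which is the "logging itself out" behaviour; the byte budget is what keeps a stolen phone session from draining the whole mailbox.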