I've been reading a lot about the need to replace email and I'm not quite sure why we're not moving to an XMPP based model. It seems rather perfect for this kind of thing:

1. Federated
2. Users are already familiar with the addressing format
3. Easy to use, could easily integrate with existing email
4. Easily piped through Tor or i2p or whatever

Security could be handled by using OTR the first time users happen to be on at the same time and exchanging PGP keys automagically with some kind of validation that the user can actually understand in place.

I really don't see this as incredibly hard to build. Why are we not seriously looking at it? Sure, it doesn't address meta-data (it probably could though) but it's a step away from traditional email and towards something new.

Thoughts?

Cypher
On Fri, Jan 16, 2015 at 11:31:58AM -0600, Cypher wrote:
> Thoughts?
you want to avoid xml based "solutions". langsec should be considered from the beginning. also i'm unsure of the store-and-forward-properties of xmpp.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
On 01/16/2015 11:57 AM, stef wrote:
> On Fri, Jan 16, 2015 at 11:31:58AM -0600, Cypher wrote:
>> Thoughts?
> you want to avoid xml based "solutions". langsec should be considered from the beginning. also i'm unsure of the store-and-forward-properties of xmpp.
Agreed. From running an XMPP server, XMPP does (or can) have store and forward capabilities but that is something that would need to be addressed. For maximum security, there needs to be a way for the messages to be encrypted to a key controlled by only the recipient while it's sitting on the server. I suppose using PKI could accomplish that.

Cypher
Cypher <cypher@cpunk.us> writes:
> I've been reading a lot about the need to replace email and I'm not quite sure why we're not moving to an XMPP based model.
Because it's /connection based/ and therefore low latency, so cannot be used by an untraceable pseudonym (endpoint IP packet correlation).

Contrast with email, where the security is /message based/ and can use anonymizing remailers having deliberately long, random latency.

--
-- StealthMonger
Long, random latency is part of the price of Internet anonymity.
Key: mailto:stealthsuite[..]nym.mixmin.net?subject=send%20stealthmonger-key
Anonymity is much easier and much stronger in a uni-directional store and forward environment. Real time is a killer and creates all kinds of attack paths.

-Lance

--
Lance Cottrell
loki@obscura.com
On Jan 16, 2015, at 2:13 PM, StealthMonger <StealthMonger@nym.mixmin.net> wrote:
> Cypher <cypher@cpunk.us> writes:
>> I've been reading a lot about the need to replace email and I'm not quite sure why we're not moving to an XMPP based model.
> Because it's /connection based/ and therefore low latency, so cannot be used by an untraceable pseudonym (endpoint IP packet correlation).
> Contrast with email, where the security is /message based/ and can use anonymizing remailers having deliberately long, random latency.
> --
> -- StealthMonger Long, random latency is part of the price of Internet anonymity.
> Key: mailto:stealthsuite[..]nym.mixmin.net?subject=send%20stealthmonger-key
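The latency argument made by StealthMonger and Lance Cottrell above can be checked with a small simulation. This is an added example, not part of any poster's message; the traffic rate, the delay distributions and the simple FIFO-matching observer are all assumptions chosen for illustration.

```python
import random

def linkable_fraction(n_msgs, mean_gap_s, delay_fn, seed=1):
    """Fraction of messages a passive observer links from entry to exit.

    The observer sees only timestamps at both ends of the relay and
    guesses that the k-th message to leave is the k-th that entered.
    """
    rng = random.Random(seed)
    t, entries = 0.0, []
    for msg_id in range(n_msgs):
        t += rng.expovariate(1.0 / mean_gap_s)   # Poisson arrivals
        entries.append((t, msg_id))
    # Exit time = entry time + relay delay; the observer sees exits in time order.
    exits = sorted((t_in + delay_fn(rng), msg_id) for t_in, msg_id in entries)
    hits = sum(1 for (_, a), (_, b) in zip(entries, exits) if a == b)
    return hits / n_msgs

def connection_relay(rng):
    # Assumed low-latency, connection-based hop: 50-150 ms of jitter.
    return rng.uniform(0.05, 0.15)

def remailer(rng):
    # Assumed store-and-forward remailer: random delay, mean one hour.
    return rng.expovariate(1.0 / 3600.0)

if __name__ == "__main__":
    for name, fn in (("connection-based", connection_relay),
                     ("random-latency remailer", remailer)):
        frac = linkable_fraction(500, 10.0, fn)
        print(f"{name:>24}: {frac:.1%} of messages linked by timing alone")
```

With low latency the exit order mirrors the entry order almost exactly, so timestamps alone link nearly every message; with long random delays the order is scrambled and the same observer does barely better than chance.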
On Friday, 16 January 2015 11:31:58 Cypher wrote:
> I've been reading a lot about the need to replace email and I'm not quite sure why we're not moving to an XMPP based model.
Because these are two completely different beasts, used for two completely different things.

Also, if I were to replace e-mail with something, I'd go with something serverless. RetroShare is an interesting project, for instance. It needs some love, but the direction is right, AFAIK.

Also, one does not simply replace e-mail...

--
Regards,
Michał "rysiek" Woźniak

Changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
participants (5): Cypher, Lance Cottrell, rysiek, StealthMonger, stef