Dark Mail Alliance for end-to-end private and secure email
darkmail.info: "end-to-end encrypted protocol and architecture ... [for] private and secure email", presumably a white paper is forthcoming. initial release anticipated in 2014. ... which returns on port 443: "Error 102 (net::ERR_CONNECTION_REFUSED)" (~_~;) --- requirements for end-to-end secure email: - content of messages always protected; ensure authenticity and privacy of content. (plain-text content is not an option) - keys generated and kept on device / user end-point. (no server side generation or storage of private keys on behalf of users; support hardware secured private key and wrapped storage on devices with HSMs) - mail header scrubbing is performed at delivery, in transit, and on receipt to limit metadata exposure. - server-to-server communication enforces STARTTLS with PFC capable cipher suites. - client-to-server communication enforces TLS with PFC capable cipher suites. - service resistant to kleptography and covert channels. (use open and robust protocols, use robust key lengths, use fail-safe rather than fail-vulnerable configurations, ...) - for extra credit, solve the subject line as part of public header metadata problem. (solving the metadata problem for email is super extra credit ;) - what else? is it possible to build such a system without compromising privacy or usability? i remain skeptical...
Il 10/31/13 9:50 AM, coderman ha scritto:
darkmail.info: "end-to-end encrypted protocol and architecture ... [for] private and secure email", presumably a white paper is forthcoming. initial release anticipated in 2014. The best tweet i saw about this initiative: "Guess which crypto company actually showed its brand new encrypted email spec to journalists before other cryptographers? One guess."
I think that we should consider to update the so called Snake Oil Encryption mis-practices by carefully considering how the "Crypto Practices" can be abused for marketing stunt purposes, while effectively focusing in deploying a wallet garden. -naif
Dnia czwartek, 31 października 2013 10:09:33 Fabio Pietrosanti pisze:
Il 10/31/13 9:50 AM, coderman ha scritto:
darkmail.info: "end-to-end encrypted protocol and architecture ... [for] private and secure email", presumably a white paper is forthcoming. initial release anticipated in 2014.
The best tweet i saw about this initiative: "Guess which crypto company actually showed its brand new encrypted email spec to journalists before other cryptographers? One guess."
As if journalists were cryptographers. ;)
I think that we should consider to update the so called Snake Oil Encryption mis-practices by carefully considering how the "Crypto Practices" can be abused for marketing stunt purposes, while effectively focusing in deploying a wallet garden.
Yes, yes indeed. MailPile's Smari McCarthy said it best: http://www.mailpile.is/blog/2013-10-31_DarkMail_and_Secure_Protocols.html "The short answer is: until DarkMail is an open standard, we can't really comment on what it means to Mailpile." -- Pozdr rysiek
participants (3)
-
coderman -
Fabio Pietrosanti (naif) -
rysiek