How to have your encrypted mail in two places at once
IMAP and webmail makes it easy to access your mail on two or more machines, and have all your folders stay in sync. Encryption tends to break that: your inbox might work across machines, but your Sent Items and personal folders tend to be stuck on one machine. Confidant Mail 0.24 has a solution for that problem. You can have the same GPG key on two or more machines. Using a secure replication protocol, your sent items, read status of incoming mail, personal folders, and deletions are all automatically copied to the other machines. This provides an IMAP-like experience with encrypted mail. I am looking for advice on how to implement a mobile client: Option A is to re-create the current client functionality for the mobile platforms. That is a lot of work, and I am not experienced in mobile programming. There is a port of gpg to Android, but I don't know how good it is. I know zero about Apple. This has disadvantages: for example, if I receive a 1GB message at home, there is no way for the phone to get only part of that message. It needs the whole message to check the signature. The worst problem, however, is that you are carrying your private key around with you. Phones are not secure and cannot be made secure. The carrier has root on the phone, whether you do or not. Phones are easy to physically take, and do not have trustworthy encryption. I do not want my GPG key on my phone. Option B is three-tier client server. Your PC at home has the private key, and talks to the Confidant Mail server. It also exposes a port which the phone accesses over a secure connection. The phone can request parts of messages, and the PC does the GPG encryption and decryption. This has the advantage that the phone client is smaller, the big message problem is solved, and the exposed key problem is solved. The middleware on the PC could have constraints such as not allowing the whole mailbox to be downloaded, and logging itself out after some number of failed remote access attempts. The downside is you need a PC running, you need to be smart enough to expose a port, and the PC is sitting there unattended, with the private key in memory, waiting for someone to come and grab it. Option C is a mobile web client. Similar to B, but instead of a client-server protocol, it uses HTTPS and generates mobile friendly HTML. Advantages relative to B are that one client supports all the mobile platforms, and there is no mobile code to write. Disadvantage is that the mobile browser is pretty easy to hack, and there is likely plaintext cached in the phone at any given time. Anyone who needs strong security probably should not use a mobile device. However, many people will want access to Confidant Mail on their phones. Do you have an opinion on the right way to provide it? http://www.confidantmail.org/forums/index.php?topic=27.msg47 Mike Ingle <mike@confidantmail.org> d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2
two things: 1/ stop beating the dead horse (email) 2/ there is (or at least should be) a huge difference for cryptograms encrypted in transit between peers, and data resting and being queried by only one person. 3/ protocols like pond which address adversarial progress over the years should be preferred over outdated and broken protocols. but i guess i'm repeating 1/ already. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On Tue, Mar 3, 2015 at 5:16 AM, stef <s@ctrlc.hu> wrote:
1/ stop beating the dead horse (email) 2/ there is (or at least should be) a huge difference for cryptograms encrypted in transit between peers, and data resting and being queried by only one person. 3/ protocols like pond which address adversarial progress over the years should be preferred over outdated and broken protocols
Obligatory link to a long set of threads on creating next generation messaging transports meeting at the existing local MUA/spool... https://cpunks.org/pipermail/cypherpunks/2014-July/005063.html
On 3/3/2015 2:16 AM, stef wrote:
two things:
1/ stop beating the dead horse (email)
That's a silly thing to say on a mailing list, lol. Obviously the medium is still useful. SMTP, however, is an old and lame horse that ought to be turned into glue. The best way to do that IMHO is make a new protocol, use them in parallel, and wait until the old one becomes a big enough nuisance to go away. That is what I am trying to do here.
2/ there is (or at least should be) a huge difference for cryptograms encrypted in transit between peers, and data resting and being queried by only one person.
Yes, data at rest is encrypted with things like DiskCryptor and cryptoloop. Data going over a wire is encrypted with TLS. A message addressed to a particular person (to whom you do not have a live connection) is best encrypted with something like GPG. You need all three for a secure messaging system.
3/ protocols like pond which address adversarial progress over the years should be preferred over outdated and broken protocols. but i guess i'm repeating 1/ already.
Which adversarial progress are you referring to? GPG has proven itself robust over the years, and Confidant Mail does not use SMTP. If you mean forward secrecy, I'm working on that. In the meantime I'd still rather trust GPG than some unknown protocol. If my private key gets stolen that's my own fault for being careless.
On Wed, Mar 04, 2015 at 12:34:17AM -0800, Mike Ingle wrote:
On 3/3/2015 2:16 AM, stef wrote:
two things:
1/ stop beating the dead horse (email) That's a silly thing to say on a mailing list, lol. Obviously the medium is still useful.
i think you mistake the mailing list usecase with the encrypted communication usecase. the two are quite different.
3/ protocols like pond which address adversarial progress over the years should be preferred over outdated and broken protocols. but i guess i'm repeating 1/ already.
Which adversarial progress are you referring to? GPG has proven itself robust over the years, and Confidant Mail does not use SMTP.
has it? or has parallel construction also evolved?
If you mean forward secrecy, I'm working on that. In the meantime I'd still rather trust GPG than some unknown protocol. If my private key gets stolen that's my own fault for being careless.
i think this has been now repeated many times enough. smari, matt green, lately even moxy got the memo.. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
Dnia wtorek, 3 marca 2015 01:54:26 Mike Ingle pisze:
IMAP and webmail makes it easy to access your mail on two or more machines, and have all your folders stay in sync. Encryption tends to break that: your inbox might work across machines, but your Sent Items and personal folders tend to be stuck on one machine.
Confidant Mail 0.24 has a solution for that problem. You can have the same GPG key on two or more machines. Using a secure replication protocol, your sent items, read status of incoming mail, personal folders, and deletions are all automatically copied to the other machines. This provides an IMAP-like experience with encrypted mail.
Why not use different subkeys per-machine? Just remember to encrypt with all subkeys. Also, GPG-enabled webmail, am I reading it correctly?.. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
On Tue, Mar 03, 2015 at 11:30:39AM +0100, rysiek wrote:
Dnia wtorek, 3 marca 2015 01:54:26 Mike Ingle pisze:
IMAP and webmail makes it easy to access your mail on two or more machines, and have all your folders stay in sync. Encryption tends to break that: your inbox might work across machines, but your Sent Items and personal folders tend to be stuck on one machine.
Confidant Mail 0.24 has a solution for that problem. You can have the same GPG key on two or more machines. Using a secure replication protocol, your sent items, read status of incoming mail, personal folders, and deletions are all automatically copied to the other machines. This provides an IMAP-like experience with encrypted mail.
Why not use different subkeys per-machine? Just remember to encrypt with all subkeys. Also, GPG-enabled webmail, am I reading it correctly?..
I keep waiting for something interesting to happen that uses blockchains and their private keys for storing, encrypting, distributing, and monetizing messages. Unfortunately, I supposed the most likely way this would get funded is through a DARPA proposal, or some sort of government funding with the goal of destabilizing other governments.
Why not just write it if you want it? You don't need a team of developers, because all the hard stuff (crypto) has been done. I was thinking of using a blockchain to claim addresses. Confidant Mail currently has the problem that anyone can claim any email address, and the sender must check the recipient's key ID or signature to make sure he's talking to the right person. Why not use a blockchain like distributed commit protocol to resolve which key owns what address? The original owner would put out the first claim, and then the address belongs to him until he signs it over to someone else, just like bitcoins. Mike On 3/13/2015 9:24 AM, Troy Benjegerdes wrote:
On Tue, Mar 03, 2015 at 11:30:39AM +0100, rysiek wrote:
Dnia wtorek, 3 marca 2015 01:54:26 Mike Ingle pisze:
IMAP and webmail makes it easy to access your mail on two or more machines, and have all your folders stay in sync. Encryption tends to break that: your inbox might work across machines, but your Sent Items and personal folders tend to be stuck on one machine.
Confidant Mail 0.24 has a solution for that problem. You can have the same GPG key on two or more machines. Using a secure replication protocol, your sent items, read status of incoming mail, personal folders, and deletions are all automatically copied to the other machines. This provides an IMAP-like experience with encrypted mail.
Why not use different subkeys per-machine? Just remember to encrypt with all subkeys. Also, GPG-enabled webmail, am I reading it correctly?..
I keep waiting for something interesting to happen that uses blockchains and their private keys for storing, encrypting, distributing, and monetizing messages.
Unfortunately, I supposed the most likely way this would get funded is through a DARPA proposal, or some sort of government funding with the goal of destabilizing other governments.
Dnia piątek, 13 marca 2015 11:24:30 piszesz:
On Tue, Mar 03, 2015 at 11:30:39AM +0100, rysiek wrote:
Dnia wtorek, 3 marca 2015 01:54:26 Mike Ingle pisze:
IMAP and webmail makes it easy to access your mail on two or more machines, and have all your folders stay in sync. Encryption tends to break that: your inbox might work across machines, but your Sent Items and personal folders tend to be stuck on one machine.
Confidant Mail 0.24 has a solution for that problem. You can have the same GPG key on two or more machines. Using a secure replication protocol, your sent items, read status of incoming mail, personal folders, and deletions are all automatically copied to the other machines. This provides an IMAP-like experience with encrypted mail.
Why not use different subkeys per-machine? Just remember to encrypt with all subkeys. Also, GPG-enabled webmail, am I reading it correctly?..
I keep waiting for something interesting to happen that uses blockchains and their private keys for storing, encrypting, distributing, and monetizing messages.
http://twister.net.co/ https://bitmessage.org/wiki/Main_Page -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
Forward secrecy is now working in Confidant Mail 0.28, and a new version with UI improvements will be posted in the next few days. You can rotate your encryption subkey and get rid of the old ones. Your key will not continuously grow in size. If you have a key on two machines, you do have to manually transfer it after a key rotation. Mike On 4/5/2015 8:16 AM, rysiek wrote:
Dnia piątek, 13 marca 2015 11:24:30 piszesz:
On Tue, Mar 03, 2015 at 11:30:39AM +0100, rysiek wrote:
Dnia wtorek, 3 marca 2015 01:54:26 Mike Ingle pisze:
IMAP and webmail makes it easy to access your mail on two or more machines, and have all your folders stay in sync. Encryption tends to break that: your inbox might work across machines, but your Sent Items and personal folders tend to be stuck on one machine.
Confidant Mail 0.24 has a solution for that problem. You can have the same GPG key on two or more machines. Using a secure replication protocol, your sent items, read status of incoming mail, personal folders, and deletions are all automatically copied to the other machines. This provides an IMAP-like experience with encrypted mail.
Why not use different subkeys per-machine? Just remember to encrypt with all subkeys. Also, GPG-enabled webmail, am I reading it correctly?..
I keep waiting for something interesting to happen that uses blockchains and their private keys for storing, encrypting, distributing, and monetizing messages.
http://twister.net.co/ https://bitmessage.org/wiki/Main_Page
participants (5)
-
grarpamp -
Mike Ingle -
rysiek -
stef -
Troy Benjegerdes