[cryptography] The next gen P2P secure email solution

Tue Apr 22 11:58:50 PDT 2014

> Message du 22/04/14 20:30
> De : "Randolph" 
>
> > This thread pertains specifically to the use of P2P/DHT models
> > to replace traditional email as we know it today.
> 
> 
> *Anonymous Email based on virtual institutions*
> 
> What about this model? In a network you send your public email encryption
> key to an "virtual institution".
> The institution is defined by a name (e.g. AES string) and postal address
> (e.g. hash key). Having this information added to your node, all your email
> to you or from you will be stored in the virtual email provider
> institution. This detaches your nodes IP and encrpytion key from the
> institution. That means, care-off (c/o) institutions will be able to house
> 3rd-party e-mail without needing to distribute their own public keys.
> 
> To create a post office for your friends, two methods exist:
> 
> 1) Define a common neighbor (e.g Alice and Bob connect to a common
> webserver as node, and all three have email encryption keys shared), then
> the webserver stores the emails, even if Alice or Bob are offline.
> 
> 2) Or/additionally: Create an virtual institution and add the email key of
> a friend to your node. In case your friend adds the magnet link (which
> contains name and address of the virtual institution, aka AES key and Hash
> key) for the institution as well to his node, the institution will save all
> emails for him (as well from senders, which are not registered at the
> virtual institution).
> 
> A Magnet Link allows to share the virtual institution easily. The magnet
> Uri would look like:
> *magnet:?in=Gmail&ct=aes256&pa=dotcom&ht=sha512&xt=urn:institution*
> 
> With this method an email provider can be build without data retention and
> with the advantage of detached email encrpytion keys from node´s IP
> addresses. Next to TCP, you can use as well UDP and SCTP as protocol.
> 
> Virtual Institutions (VI) have been - due to the homepage - introduced by
> the lib-version 0.9.04 of http://goldbug.sf.net email and chat application.
> 
> If we understand this right, now everyone can create an email provider
> without data retention just as a service for friends. In case in a network
> of connected nodes everyone uses "gmail" as VI-name and "dotcom" as
> VI-address, everyone will host everyone for email, while all remains
> encrypted.. could be a nice net or p2p model in a testing.
> 

Although technical solutions are feasible, we ought to consider some things:
- Email is older than the web itself;
- Email has three times as many users as all social networks combined;
- Email is entrenched in the offices, many a business is powered by it;

Given the enormous energy necessary to remove such an appliance and replace it with something better. How could we make a secure solution that plays nicely with the current tools without disturbing too much what is already established?