[cryptography] The next gen P2P secure email solution

Thu May 15 14:14:29 PDT 2014

On Thu, May 15, 2014 at 8:36 AM,  <tpb-crypto at laposte.net> wrote:
>> >> - Email is entrenched in the offices, many a business is powered by it;
>>
>> They are powered by authorized access to and useful end use of message
>> content, not by email. That's not going anywhere, only the intermediate
>> transport is being redesigned.
>>
> Can you recode outlook, eudora and other closed source stuff people use(d) for e-mail handling for business? No? Well, that answers why it is hard to remove.
> Fixing the problem is better than overhauling all offices in the world,

Nobody can recode closed source but them. I would offer [pluggable]
open source alternatives and let gravity move the closed ones
over time.

>> >> Given the enormous energy necessary to remove such an appliance and replace
>>
>> Removal is different from introducing competitive alternatives.
>
> Little proprietary walled gardens are absolutely not the answer for this problem.

Nothing proprietary being made here, all open source, hack and use freely.

>> >> it with something better. How could we make a secure solution that plays
>> >> nicely with the current tools without disturbing too much what is already
>> >> established?
>> >
>> > By writing a gateway (i.e. between RetroShare and e-mail)?
>>
> The gateway idea is interesting, but it has to be efficient enough and low cost enough for people to switch over. Something like bitmessage is not.
>
>> MUA's become file readers and composers. They hand off
>> to a localhost daemon that recognizes different address formats
>> of the network[s] and does the right thing. Perhaps they compile
>> against additional necessary network/crypto libs. Whatever it
>> is, those are not a big change. Ditching centralized SMTP transport
>> in the clear is... and for the better.

> http://arstechnica.com/security/2014/05/good-news-for-privacy-fewer-servers-sending-e-mail-naked-facebook-finds/
> I think that answers your concern about SMTP transport in the clear

Yes, great, we're now moving towards strict and PFS encrypted transport.
That's not much of a complete achievement since it does not solve any of
the other snowden-ish issues recent p2p threads are meant to encompass...
- [secret/trollish/illegal] orders against centralized mail servers/services
to store and disclose all metadata and [unencrypted] content, including
transport headers and pesky to/from/subject/etc headers.
- voluntary 'cooperation' to do the same.
- capability for messaging over encrypted anonymous p2p overlay networks
so that the only real place left to compel is the investigated user themselves
(or millions of users if you want to fight up against free speech / privacy).

> you clearly haven't been in may offices in your life.

Don't say on others position until you are their shadow.