xB Mail: Anonymous Email Client

Dawney Smith dawneysmith at googlemail.com
Thu Aug 21 14:31:06 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Bennett wrote:

>>> The more I understand email threats/issues over Tor
>>> the better. I am aware that there are only occasionally
>>> any exit servers allowing port 25, but if we are
>>> forcing SSL/TLS, then it won't matter what port they
>>> pick. So any preferences for extensions and behavior are
>>> welcome.
>> Here are some suggestions. Some of them were also mentioned in the other
>> thread about changing the default exit policy.
>>
>> 1.) Block remote image loading
>> 2.) Obfuscate the data sent in the EHLO so it doesn't leak the hostname/ip
>> 3.) Even using an obfuscated EHLO, that can still leak information. If
>> you're using TLS rather than SSL on connect when sending an email, the
>> exit node can see what is sent in the EHLO. The fact that you send the
>> same EHLO every time could potentially let the exit node identify you if
>> you come back. Therefore, although it's not the standard, SSL on connect
>> on port 465 is preferable to TLS on port 587/25 when submitting email
>> over Tor.
> 
>      IANA has assigned port 465 to another function.  Why do you believe
> that a conflicting use should be supported or encouraged?

I provided my reasons in the explanation directly above.

> I'd stick with
> 587 and 25 until such time as another mail port is assigned.  If you think
> that might take forever, you could try campaigning for it, I suppose.  Of
> course, if a campaign is successful, it might only take forever minus a
> year or two. :-)

I'll stick with 465 as long as it's supported so I get a completely
encrypted connection. Given a choice, why would you use 587 over Tor?

>> 4.) The "Use secure connection" account settings should never be "TLS if
>> available" as a mitm attack could stop you from negotiating SSL without
>> realising.
>> 5.) The "Check for new messages every" option could leak to the exit
>> node that it is the same client coming back, if you set it to an unusual
>> value like 17 minutes for example. Changing from the default should be
>> dissuaded.
>> 6.) If people use a Torified account alongside a non Torified account
>> (I'd make it advise people to use a separate profile). But if they do
>> that, then it needs to make sure the two accounts don't share the
>> same LDAP server.
>> 7.) Turn off return receipts and Junk filtering
>> 8.) For convenience rather than security, I'd make it automatically turn
>> on the options to download the full messages to disk.
>>
>> Oh. It would also be nice if you could add a list of keywords that
>> Thunderbird shouldn't allow you to send in an email, in case you
>> accidentally sign a message with your own name for example.
>>
>      Except for the aforementioned push to use the urd port for [S]SMTP,
> the rest of the above seem good to me.

Pragmatically speaking, 465 is going to be a service provided by many
mail systems for a long time to come, and it has clear advantages over
Tor compared to port 587.

All I'm saying is, the implications of using one over the other should
be made clear to the user, so they can then make their own decision.

- --
Dawn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrXwccoR2aV1igfIRAusXAJ9OmFtnb0Hxph6POg3O7Q4XVzLGwACaA0CT
6ZywREMJQB9jpBKO3r+sMjQ=
=2JLP
-----END PGP SIGNATURE-----
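
Added example (not part of the original message, and not code from any project discussed in it): a small Python model of points 3 and 4 in the list above, showing which client lines an on-path observer such as an exit node can read under SSL on connect, required STARTTLS, and "TLS if available". The mode names, session lines, server replies and EHLO name are constructed sample values.

```python
# Added example: models which client lines an on-path observer (such as a
# Tor exit node) can read under each "secure connection" setting.
IMPLICIT_TLS = "ssl-on-connect"             # port 465: TLS handshake comes first
STARTTLS_REQUIRED = "starttls-required"     # port 587/25: abort without TLS
STARTTLS_IF_AVAILABLE = "tls-if-available"  # port 587/25: opportunistic

class TLSRequiredError(Exception):
    """Raised when the EHLO reply offers no STARTTLS and policy demands it."""

def parse_capabilities(ehlo_reply):
    """Extract capability keywords from a multi-line 250 EHLO reply."""
    caps = set()
    for line in ehlo_reply.splitlines()[1:]:   # first line is the greeting
        words = line[4:].split()
        if line.startswith("250") and words:
            caps.add(words[0].upper())
    return caps

def observer_view(mode, ehlo_name, ehlo_reply):
    """Return (cleartext, encrypted) lists of client lines for one session."""
    session = [f"EHLO {ehlo_name}", "AUTH PLAIN <credentials>",
               "MAIL FROM:<sender@example.org>"]   # constructed sample session
    if mode == IMPLICIT_TLS:
        return [], session                     # nothing precedes the handshake
    cleartext = [session[0]]                   # EHLO always precedes STARTTLS
    if "STARTTLS" in parse_capabilities(ehlo_reply):
        return cleartext + ["STARTTLS"], session   # EHLO is repeated inside TLS
    if mode == STARTTLS_REQUIRED:
        raise TLSRequiredError("EHLO reply did not advertise STARTTLS")
    return cleartext + session[1:], []         # silent fallback to plaintext

# Constructed server replies: as sent, and with the STARTTLS line missing
# (what the client would receive if the capability were removed on path).
HONEST = "250-mail.example.org\r\n250-STARTTLS\r\n250 AUTH PLAIN"
STRIPPED = "250-mail.example.org\r\n250 AUTH PLAIN"

if __name__ == "__main__":
    for mode in (IMPLICIT_TLS, STARTTLS_REQUIRED, STARTTLS_IF_AVAILABLE):
        for label, reply in (("honest", HONEST), ("stripped", STRIPPED)):
            try:
                clear, _ = observer_view(mode, "[127.0.0.1]", reply)
                print(f"{mode:22} {label:9} cleartext: {clear}")
            except TLSRequiredError as exc:
                print(f"{mode:22} {label:9} aborted: {exc}")
```

Only the "TLS if available" setting ever puts the credentials and envelope in cleartext, and the EHLO argument is visible in both STARTTLS modes even when the upgrade succeeds.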



More information about the tor-talk mailing list