xB Mail: Anonymous Email Client

[M. Peterson]

Hello Arrakis

thanks for this idea and software. Many replies already in the archive of
or-talk.
Some suggestions.

I would devide the license question
a) we need an open source GPL email client, which sends only PGP encrypted
email
b) we need an underlaying mix network with outproxies, which is could be
another license maybe.
(as the mail is encrypted, then no matter which outproxy is used, if open
soruce trasnport or not).
The mixing network is hiding the original IP adress. Tor or mixmaster or i2p
with recoded outproxies for one port for mail.

There are 3 similar projects, which should be considered:

NUNTIUS LEO EMAIL
http://nlcreator.sf.net
is developing a Qt Email client, which is sending PGP encrypted emails.

RetroShare Email Client
http://retroshare.sf.net
QT as well and has PGP Key pair encrpyted Messaging, instant and offlline.
The offline mail is queued until both clients are online for a handshake. So
currently @-mail is not possible, as it is serverless.

-> Merge: As retroshare uses XPGP key currently, and a change is soon done
to PGP keys, it is a good idea to add Nuntius Leo Email client as well to
RetroShare Gui as integration or as a plugin.

So the basic concept is, to have an adressbook, which pre-defines your
Friends or Mailadresses.
In one Email client, which is based on PGP Keys, you need to swap with your
mail-partner the key.
That is no lack, as you can send your PGP key as well over one first
unencrypted email (into one special folder for approval it arrives).
But I think it is better encryption is you have no end to end encryption but
swapping keys.
Mailinglists then need to be redefined, as you need from each participant
the key, tha could be done as well over one first approval/joining email,
which all participants sign.

Third there is SIMPLE-MAIL as a Firefox addon
https://addons.mozilla.org/en-US/firefox/addon/5593
Telega is the author and is currently coding a XUL gui for retroshare
instant messenger, you find it here:
http://retromessenger.sf.net
This library is currently not open source, but the auther may think about
that.
XUL allows as well a standalone application.

The idea, to join as well in XUL a mail client with PGP keys and the
libretroshare Instant Messenger is already placed.

You see, 2 Projects, on its way bringing online and offline communication
together, both based on PGP keys.

That is why you should be compatible to PGP key exchange. Does FirePGP
provide this?
Please answer, if you are interested in one or the other project to join the
acting persons and projects.


If one of that projects has been done, it allows, to send PGP email out of
the box and maybe as well there is a RELEASE email client, which allows ONLY
to send PGP emails (excapt the one incoming folder for approval mails with
the PGP key of users, which want to connect to you).


If THAT is done, then the project needs an underlaying network to maybe
spoof the IP adress by a mixing cascade.
It would be good, to have that seperated, so that as well other applications
use that mix network,
So that is tor or i2p.
Mixmaster dunno who set those nodes up?

Do you really think, mixmaster has enough nodes? Do you really think that a
tif-for-tat model is good, so that each one running the PGP-Email-Client
should be as well at the same time an Outproxy for other mails? No..

And: Regarding webmail: I want an email client, With Tor it is already
possible to surf to webmail accounts.
What we need is an email client, so either simple mail, which needs a join
and an adresses idea to be made open source, or either Nuntius Leo email
client.

Do you really want to make a new proxy network only for email-mixture?
More important is to have an GPL open source email client, which is sending
by default only PGP-key-Encrypted emails to pre-defined recievers. The
mailinglist problem and approval problems are just a question of precesses
and approval culture.

Then the underlaying network:
Tor is a good idea, if there are enough outproxies.
Otherwise i2p could get an addon in java, to have mail-outproxies only.
third model would be a mixmaster code integrated into the email client, so
that each one is an outproxy, but then please consider, that it needs to be
PGP encrypted email, so that sending only to-pre-defined recievers is
possible, otherwise the outproxies would not be established, and on the
other hand: All mails MUST be PGP key encrypted, so that the Outproxies
cannot read them,

So ideally a good way is to start with retroshare/retromessenger over Tor,
to have this online communication established, later then the Nuntuis leo or
Simplemail client is ready to be added for serverbased- at -mail.

RetroShare itself has played around with i2p, as it solves some internal
connection problems, but that was one year ago and now they are solved over
STUN. So choose Tor  or Mixmaster, to Spoof the IP adress for offline and
online messages.

Thanks for a feedback, how you go on

Regards Max


On 8/20/08, Arrakis <arrakistor at gmail.com> wrote:
>
> I am writing an anonymous email client. The main
> delay has been getting it compatible with the xerobank
> installer so that it automatically downloads mail
> credentials and creates the secmod/key3/cert8 PKCS11
> databases and performs automatic encryption of the
> user credentials, locking it with the users' PIN code
> as the master password.
>
> The design idea is to use an anonymous email server
> / service, or to take any freemail provider and turn
> it into an anonymous account (assuming a clean acct).
>
> So I decided while I picked up a cold at defcon that
> I would sit down and finally finish it. It works.
>
> It is built using Mozilla Thunderbird. It will contain
> the Enigmail extension, and a self-contained GPG
> distribution. It will probably also contain NoScript
> because it has an html renderer inside it. The program
> already has a built-in auto-updater from xerobank that
> will download and install it's own PGP signed updates.
> The enigmail will be configured to use 5+ keyservers
> such as mit, sks, pgp, etc.
>
> The threat model includes content and context obscurity.
>
> Where this meets Tor and anonymity is the question. It
> is my intention to filter by protocol, blocking all
> communication that is not using either SSL or TLS. Are
> there any other considerations we should have, other
> than blocking updates? Should we force OCSP and cert
> revokation checking? Is there any reason we shouldn't
> include the CACert root certificate? Should we scrap
> Tor and make it use mixmaster? Should we force users
> to create/import PGP Keypairs?
>
> The more I understand email threats/issues over Tor
> the better. I am aware that there are only occasionally
> any exit servers allowing port 25, but if we are
> forcing SSL/TLS, then it won't matter what port they
> pick. So any preferences for extensions and behavior are
> welcome.
>
> Suggestions will be used to craft an opensource software
> released under TESLA license which prevents malware /
> spyware additions, and unauthorized modification for
> the purpose of commercial profit.
>
> This program will be completed today, and ready for
> testing tomorrow, so the sooner I get comments the
> better.
>
> Arrakis
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080821/d57a57c9/attachment.htm>