[tor-talk] Secure email with limited usable metadata

coderman coderman at gmail.com
Tue Jul 2 05:10:38 UTC 2013


On Mon, Jul 1, 2013 at 1:04 PM,  <alice-tor at safe-mail.net> wrote:
>> Thank you for raising this topic once again. Toying with the idea of
>> "better" email for quite some time,...
>> ...
>> I'd like to see a full design for it first, and then the components, and
>> the configuration for each component, so this is easy to set up and
>> replicate by anyone. For example, how do I configure Postfix to relay
>> certain incoming mail to a configured hidden service, how do I make it
>> so it only rejects non-PGP mail for some accounts, etc.
>
> i am not capable of coming up with this system on my own. anyone else in on this? Jake? coderman?


my contempt for email should be evident by provider; ...  ;)
  [OTR, ZRTP, others preferable many years now]

yet in all seriousness the complexities are many and some difficult
problems (hidden svc to public network delivery with any confidence,
end-user key management that is usable _and_ secure by default,
sufficiently inter-operable without undue vulnerability or exposure,
protocol-aware mail message identifying information scrubbing modes,
proper SSL/TLS cipher suites with PFS and wide client side support,
ssl/tls session expiry and zeroisation, many others) have frustrating
trade-offs for all parties.

regarding a well thought out specification: something written in
chef[0] or saltstack[1] which i could launch and test myself would be
excellent. suggestions accepted in form of git diffs and pull
requests...



alas, my order of copious free time is in the mail and it may be
difficult to find someone excited to tackle this;
 i wager Jake would prefer numerous other agonies instead!



0. http://docs.opscode.com/

1. https://saltstack.com/community.html

