[Cryptography] prism proof email, namespaces, and anonymity

[Perry E. Metzger]

On Fri, 13 Sep 2013 16:55:05 -0400 John Kelsey <crypto.jmk at gmail.com>
wrote:
> Everyone,
> 
> The more I think about it, the more important it seems that any
> anonymous email like communications system *not* include people who
> don't want to be part of it, and have lots of defenses to prevent
> its anonymous communications from becoming a nightmare for its
> participants.  If the goal is to make PRISM stop working and make
> the email part of the internet go dark for spies (which definitely
> includes a lot more than just US spies!), then this system has to
> be something that lots of people will want to use.  
> 
> There should be multiple defenses against spam and phishing and
> other nasty things being sent in this system, with enough
> designed-in flexibility to deal with changes in attacker behavior
> over tome.

Indeed. As I said in the message I just pointed Nico at:
http://www.metzdowd.com/pipermail/cryptography/2013-August/016874.html

Quoting myself:

   Spam might be a terrible, terrible problem in such a network since
   it could not easily be traced to a sender and thus not easily
   blocked, but there's an obvious solution to that. I've been using
   Jabber, Facebook and other services where all or essentially all
   communications require a bi-directional decision to enable messages
   for years now, and there is virtually no spam in such systems
   because of it. So, require such bi-directional "friending" within
   our postulated new messaging network -- authentication is handled
   by the public keys of course. 

> Some thoughts off the top of my head.  Note that while I think all
> these can be done with crypto somehow, I am not thinking of how to
> do them yet, except in very general terms.  
> 
> a.  You can't freely send messages to me unless you're on my
> whitelist.  

That's my solution. As I note, it seems to work for Jabber, Facebook
and other such systems, so it may be sufficient.

> b.  This means an additional step of sending me a request to be
> added to your whitelist.  This needs to be costly in something the
> sender cares about--money, processing power, reputation, solving a
> captcha, rate-limits to these requests, whatever.

I'm not sure about that. Jabber doesn't really rate limit the number
of friend requests I get per second but I don't seem to get terribly
many, perhaps because fakes at most could hide some attempted phish
in a user at domain name, which isn't very useful to scammers.

> g.  The format of messages needs to be restricted to block malware,
> both the kind that wants to take over your machine and the kind
> that wants to help the attacker track you down.  Plain text email
> only?  Some richer format to allow foreign language support?  

My claim that I make in my three messages from August 25 is that it
is probably best if we stick to existing formats so that we can
re-use existing clients. My idea was that you still talk IMAP and
SMTP and Jabber to a server you control (a $40 box you get at Best Buy
or the like) using existing mail and chat clients, but that past your
server everything runs the new protocols.

In addition to the message I linked to above, see also:
http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html
http://www.metzdowd.com/pipermail/cryptography/2013-August/016872.html
for my wider proposals.

I agree this makes email delivered malware continue to be a bit of a
problem, though you could only get it from your friends.

Perry
-- 
Perry E. Metzger		perry at piermont.com