[Cryptography] PRISM PROOF Email

[Perry E. Metzger]

On Sun, 25 Aug 2013 10:37:52 -0700 Ray Dillinger <bear at sonic.net>
wrote:
> Therefore, IMO, any possible solution to email privacy, if it is to
> be trusted at all, must be pure P2P with no centralized points of
> failure/control and no specialized routers etc.

Quite agreed. I have a long message in draft that I'll hopefully be
sending out later today on this topic.

> And it can have no built-in gateways to SMTP.  Sure, someone will
> set one up, but there simply cannot be any dependence on SMTP or
> the whole thing is borked before it begins.  It is time to simply
> walk away from that flaming wreckage and consider how to do email
> properly. S/Mime and PGP email-body encryption both fail to protect
> from traffic analysis because of underlying dependence on SMTP.

That said, as I shall propose, it is not necessary to get rid of all
our email infrastructure. In particular, RFC-2822 remains an entirely
viable thing, and I think IMAP based clients can continue to be used,
with at most small changes.

> Onion routing fails to protect due to timing attacks.

Mix networks are not onion routing, though. If you're pure peer to
peer, traffic analysis is possible. Real mix networks are now quite
feasible, however, and unlike the Tor model where one is trying to
make real time TCP connections secure, there is no need to be "real
time" for IM and Email -- a delay of a couple of seconds is just
fine.

> So I say you must design your easy-to-use client completely
> replacing the protocol layer.  No additional effort to install
> because this is the only protocol it handles.

I see this as a reasonable observation.

As I said, I'll be explaining the rest of my proposal (of which I've
put up the first two parts, which are reasonably independent) later.

Perry
-- 
Perry E. Metzger		perry at piermont.com