[Cryptography] Dark Mail Alliance specs?

Guido Witmond guido at witmond.nl
Sun Nov 24 05:29:42 EST 2013


On 11/24/13 01:20, Jerry Leichter wrote:
> There's a third recent factor, of course:  Increasingly, people read
> their email through Web interfaces.  There's simply no way to make
> that secure in current browsers.  Sure, you can download some
> Javascript to decrypt your mail, but there's no good reason to trust
> it!

Yes, there is a way. Instead of using javascript with its eternal
validation problems, use a browser plugin to do the key handling and
message signing.

> My suggestion is that there are two fundamental problems that need to
> be attacked:
> 
> 1.  The key lookup/distribution problem.  It has to be easy and
> straightforward to get keys in the common use cases.  In fact, it
> needs to be so easy and straightforward as to be invisible to most
> users most of the time. It's easy to get caught up in difficult edge
> cases that can't be handled easily.  This is a case where "the best
> is the enemy of the good".  Cover as much as you can cleanly today;
> worry about the hard cases tomorrow.  (Many people will never run
> into a need for a solution to a hard case, and those that do may be
> willing and able to do more work.)

Using anonymous client certificates and a GPG-keyserver model (reached
via Tor) you can create a key distribution mechanism that solves these
issues. You also need to remember the certificates in your address book.
Don't throw away the result of your validation actions, remember them!


> 2.  The Web mail problem.  I can see only one solution to this:  Get
> S/MIME implemented in browsers.  HTML/5 already contains tons of
> interfaces (way too many, I'd say, but that ship sailed a *long* time
> ago) to implement various things that simply need to be present
> *everywhere*, generally for performance reasons.  (After all,
> Javascript *is* Turing-complete.)  While S/MIME or some other secure
> mail protocol *could* be implemented in Javascript, it would have to
> be downloaded each time - and there's no way to guarantee security.
> If S/MIME were built in, you would have exactly as much reason to
> trust it as you would to trust the S/MIME in your conventional MUA.

That's something I've also conquered. My agent module does the
encryption and decryption.

In fact, you can try it out: download the proxy[1], configure your
browser to use it and browse to http :// dating.wtmnd.nl:10443/ (the
proxy does the https to the server).

Create an account and send a message to guidow@@dating.wtmnd.nl.

When you use Tor, my server can't even learn your IP-address.

See:
http://eccentric-authentication.org/blog/2013/06/07/run-it-yourself.html


Regards, Guido Witmond


1: http://eccentric-authentication.org/blog/2013/06/07/run-it-yourself.html

