[Cryptography] prism proof email, namespaces, and anonymity
Perry E. Metzger
perry at piermont.com
Fri Sep 13 17:12:43 EDT 2013
On Fri, 13 Sep 2013 16:55:05 -0400 John Kelsey <crypto.jmk at gmail.com>
> The more I think about it, the more important it seems that any
> anonymous email like communications system *not* include people who
> don't want to be part of it, and have lots of defenses to prevent
> its anonymous communications from becoming a nightmare for its
> participants. If the goal is to make PRISM stop working and make
> the email part of the internet go dark for spies (which definitely
> includes a lot more than just US spies!), then this system has to
> be something that lots of people will want to use.
> There should be multiple defenses against spam and phishing and
> other nasty things being sent in this system, with enough
> designed-in flexibility to deal with changes in attacker behavior
> over tome.
Indeed. As I said in the message I just pointed Nico at:
Spam might be a terrible, terrible problem in such a network since
it could not easily be traced to a sender and thus not easily
blocked, but there's an obvious solution to that. I've been using
Jabber, Facebook and other services where all or essentially all
communications require a bi-directional decision to enable messages
for years now, and there is virtually no spam in such systems
because of it. So, require such bi-directional "friending" within
our postulated new messaging network -- authentication is handled
by the public keys of course.
> Some thoughts off the top of my head. Note that while I think all
> these can be done with crypto somehow, I am not thinking of how to
> do them yet, except in very general terms.
> a. You can't freely send messages to me unless you're on my
That's my solution. As I note, it seems to work for Jabber, Facebook
and other such systems, so it may be sufficient.
> b. This means an additional step of sending me a request to be
> added to your whitelist. This needs to be costly in something the
> sender cares about--money, processing power, reputation, solving a
> captcha, rate-limits to these requests, whatever.
I'm not sure about that. Jabber doesn't really rate limit the number
of friend requests I get per second but I don't seem to get terribly
many, perhaps because fakes at most could hide some attempted phish
in a user at domain name, which isn't very useful to scammers.
> g. The format of messages needs to be restricted to block malware,
> both the kind that wants to take over your machine and the kind
> that wants to help the attacker track you down. Plain text email
> only? Some richer format to allow foreign language support?
My claim that I make in my three messages from August 25 is that it
is probably best if we stick to existing formats so that we can
re-use existing clients. My idea was that you still talk IMAP and
SMTP and Jabber to a server you control (a $40 box you get at Best Buy
or the like) using existing mail and chat clients, but that past your
server everything runs the new protocols.
In addition to the message I linked to above, see also:
for my wider proposals.
I agree this makes email delivered malware continue to be a bit of a
problem, though you could only get it from your friends.
Perry E. Metzger perry at piermont.com
More information about the cryptography