[Cryptography] Dark Mail Alliance specs?

Peter Fairbrother zenadsl6186 at zen.co.uk
Wed Mar 26 19:05:03 EDT 2014


On 26/03/14 19:45, Bear wrote:
>
> I don't want to divert you from what may be an entirely useful course,
> but I'm firmly of the opinion that interoperability with present email
> infrastructure, or even the attempt at it, is fatal to privacy.  In
> fact even the promise of such interoperability is a strong reason to
> NOT trust a new encrypted email application.

I agree, especially with the comments and vulnerabilities you make 
below, and there are also issues with malware and spam detection.

However, I am of the firm opinion that if it isn't compatible with 
ordinary email then it won't get widely adopted, full stop.

So the only option, as I see it, is to make it interoperable, but to 
also close those holes - which may take some doing, especially the sync 
issue.



The rest is bad, but doable - eg attachments and clickable links are 
sent in a single chunk to the browser, which has no access to the 
contents of any other emails.

The browser may be insecure - but the email client need not be. The idea 
here is not to make the system securer, just to make email as secure as 
needed.

Not all messages need a very high level of security - the functionality 
of those that do need that level of security can be limited.


I'd like to repeat my first two objectives:

1) to eventually get a majority of all email sent end-to-end encrypted 
to a minimum security standard, such that active measures are needed to 
intercept and read it.

2) to be usable in a highly secure manner if and when that is required.


Now S/MIME fails to do the first, and PGP fails to do the second [1]  -- 
mostly or solely simply because very few people implement and use them.

[1] except in very limited cases, but eg read about Snowden trying to 
get the journalists to use PGP


--Peter Fairbrother

>
> By the time you have something that allows email to "sync" seamlessly
> across several devices, allows file attachments, allows clickable
> URLS to invoke browsers that can execute scripts, can show attached
> file contents to a browser so people can use a (script-executing!)
> browser to view it, links to external libraries to resolve MIME
> types, and uses plugins created for unencrypted systems, you have
> introduced at least a dozen gaping holes that some black-hat can and
> will drive a tank through.
>
> It does no good to encrypt messages in flight (or even on disk!) if the
> application that can read those messages sprays access to them around
> indiscriminately to whatever happens to be installed on the user's
> machine.
>
> 				Bear
>
>
>



More information about the cryptography mailing list