[Cryptography] DIME // Pending Questions // Seeking Your Input
Ladar Levison
ladar at lavabitllc.com
Wed Mar 11 10:06:14 EDT 2015
On 3/5/2015 3:09 PM, Peter Fairbrother wrote:
> So, what does this system need in order to be implemented? It needs
> mail servers to use TLS between client and server, which is not a huge
> stretch. It needs a single or better several distributed directory
> servers. It needs updates to the client's email programs, or webmail
> with a hidden key program, probably a browser extension.
In very simplistic terms, that is _exactly_ what we are building. Only
in our world the "directory" server is actually the mail server for the
recipient, which hosts the "signet." It makes sense that if the mail
server is offline, then you can't deliver mail anyways, so why introduce
an external piece to the puzzle.
All the extra complexity is either to prevent MitM, or optional.
P.S. DIME requires TLS v1.2 using the ECHDE-RSA-AES-256-GCM-SHA384
(OpenSSL name, I don't know the RFC name by heart). So yes, TLS is
required for a "conforming" DMTP server.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150311/45891789/attachment.sig>
More information about the cryptography
mailing list