Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
On Wed, Aug 14, 2013 at 07:12:24PM -0400, Tom Ritter wrote:
> On 14 August 2013 18:01, Richard r...@linux-m68k.org wrote:
> > On the other end of the paranoia scale I would like to remind folks of the mixmaster remailer chaining technique which does much more than plain encryption - as far as I can see it is theoretically completely untraceable.
>
> That statement is not correct. Mix networks require more effort to trace than normal packets or Onion Routing, but are not even close to theoretically completely untraceable. I'll point to Syverson's papers (Why I'm not an entropist, and Sleeping dogs lie in a bed of onions) and Serjantov's From a Trickle to a Flood.

thanks for the pointers, will review them when I have time. Still think that mixmaster would deserve more attention.

Richard
---
Name and OpenPGP keys available from pgp key servers

--
Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
On 9 August 2013 18:16, Seth David Schoen sch...@eff.org wrote:
> If you think governments are likely to use their own CAs for spying by issuing fraudulent certificates, you want to remove trust for those CAs _in your web browser_. Having a valid, correct, and publicly issued certificate from such a CA does not make the CA operator any more able to spy on you.
>
> There was a lot of concern when CNNIC became a root CA in mainstream browsers because of the perception that the Chinese government could force CNNIC to misissue certificates to facilitate surveillance. But this risk would be a reason for users not to trust the CNNIC root in their browsers, not directly a reason for sites to avoid getting certs from CNNIC.

While I agree your technical assessment is correct, I do want to note (and you'll probably agree with me) that if you think a CA may misissue/rollover for a government, the (indirect) reasons not to buy from that CA are to a) not give them additional money and b) reduce the number of certs on the internet using that CA, making it ever-so-slightly more possible that browsers will eventually be able to remove it from their trust stores.

Aside from StartCom (free) most CAs have roughly the same price and service. Since service is equivalent, you're free to choose a CA based on your political opinion, and not worry about missing out on 'features'. It's basically like voting in an election - elections are won by tens or hundreds of thousands of votes, so it seems like one vote doesn't matter. But it can add up.

-tom

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
Hi Tom

> Aside from StartCom (free) most CAs have roughly the same price and service. Since service is equivalent, you're free to choose a CA based on your political opinion, and not worry about missing out on 'features'. It's basically like voting in an election - elections are won by tens or hundreds of thousands of votes, so it seems like one vote doesn't matter. But it can add up.

Not sure if you know this one, but this article paints a somewhat more complex picture of the HTTPS economics. In particular, companies buy from the big players because, alas and behold, they're too big to fail and will never be removed from root stores:

@INPROCEEDINGS{Asghari2013,
  author = {Asghari, Hadi and van Eeten, Michel J. G. and Arnbak, Axel M. and van Eijk, Nico A. N. M.},
  year = {2013},
  month = {March},
  title = {Security Economics in the {HTTPS} value chain},
  location = {Washington, D.C., USA},
  booktitle = {Proc. 12th Ann. Workshop on the Economics of Information Security (WEIS 2013)},
}

Ralph

--
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
On 14 August 2013 18:01, Richard r...@linux-m68k.org wrote:
> On the other end of the paranoia scale I would like to remind folks of the mixmaster remailer chaining technique which does much more than plain encryption - as far as I can see it is theoretically completely untraceable.

That statement is not correct. Mix networks require more effort to trace than normal packets or Onion Routing, but are not even close to theoretically completely untraceable. I'll point to Syverson's papers (Why I'm not an entropist, and Sleeping dogs lie in a bed of onions) and Serjantov's From a Trickle to a Flood.

On 14 August 2013 10:17, Ralph Holz h...@net.in.tum.de wrote:
> Hi Tom
>
> > Aside from StartCom (free) most CAs have roughly the same price and service. Since service is equivalent, you're free to choose a CA based on your political opinion, and not worry about missing out on 'features'. It's basically like voting in an election - elections are won by tens or hundreds of thousands of votes, so it seems like one vote doesn't matter. But it can add up.
>
> Not sure if you know this one, but this article paints a somewhat more complex picture of the HTTPS economics. In particular, companies buy from the big players because, alas and behold, they're too big to fail and will never be removed from root stores:
>
> @INPROCEEDINGS{Asghari2013,
>   author = {Asghari, Hadi and van Eeten, Michel J. G. and Arnbak, Axel M. and van Eijk, Nico A. N. M.},
>   year = {2013},
>   month = {March},
>   title = {Security Economics in the {HTTPS} value chain},
>   location = {Washington, D.C., USA},
>   booktitle = {Proc. 12th Ann. Workshop on the Economics of Information Security (WEIS 2013)},
> }

I had not seen that paper, that's cool thanks. However, it seems they're observing data (EFF Observatory and Market Prices) and drawing conclusions about why companies make decisions. It would be easier and more reliable to just... ask the companies why they do what they do. They seem to omit that somewhat important step to support their conclusions.

-tom

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
Griffin,

The more this gets fleshed out on list - the more it departs from any vestige of email and then you're basically talking about shoe-horning a different architectural beast into a transport protocol we happen to know. (I'm not saying ~you~ are planning that - just making an observation of nuanced list evolution.) You're going to end up in a place that it might be more tenable to pursue building out better transport options for a RetroShare or Kolab environment.

Usability for new users is going to take a massive hit with any proposal that seems to catch interest above. I therefore think it may be prudent to consider an encapsulated secure environment (using RetroShare as an example) with a bridge ingress/egress to the outside world services that gets handled like a PGP Universal setup. Using x509 or PGP, not sure we'd care as long as the CA model of today had nothing to do with it - or minimally involved in the external bridging.

In a sense what I'm saying is stop even considering secure email an option - we need to start having people think about their communications and security models entirely different. And I'm afraid that even attempting to maintain vestiges of the old environment and ~terminology~ actually does more harm than good.

This isn't to say abandon security of email - but let's tackle the new-fangled solutions on one leg (leaving behind as much legacy as possible) - and use political means to continue to attack the Internet of old problems (e.g. email) on the other leg.

That made total sense in my head. *grimace*

Cheers,
-Ali

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
On Fri, Aug 09, 2013 at 05:07:26PM -0400, Tim Prepscius wrote:
> If you'd like to help me that would be cool..
>
> My take on this is this: (these are not all my ideas, can't take full credit)
>
> We want to get to a state where an e-mail server is easy to set up. And runs with *non governmental* issued ssl certificates. Where it provides web-mail (think gmail), iPhone and android.

how do you make webmail with PGP end to end encryption? I assume you could do PGP in javascript but it would be trivially easy for the server to steal the user's secret keys in that case.

Richard
---
Name and OpenPGP keys available from pgp key servers

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
I think there would be some value to a system like that. It would address a lot of real world threats but it will not address large scale government monitoring systems, which many governments have (US, China, UK, Iran, etc). Sounds like you should team up with Tim Prepscius with his system that he's been posting about here.

.hc

On Aug 9, 2013, at 2:07 PM, Griffin Boyce wrote:
> This probably sounds very strange, but *what if* someone ran an email service that required that all mails be GPG encrypted?
>
> So here's my idea: Barring the honor system, it would require a filter to look at message content to check for PGP headers. And if said headers didn't exist, the message doesn't get sent.[1] There's no Sent Mail folder on the server, so if you want a copy, you'd need to have Thunderbird (etc) set up to store them locally.
>
> It wouldn't protect from metadata collection, but it would at least (to some extent) protect people from their own poor security decisions while emphasizing that options exist to protect themselves.
>
> Considerations:
> * This assumes that an order would arrive to disable PGP filter and enable a sent folder (eg, this idea assumes metadata is unprotected)
> * Those playing at home may recognize this as a naive Bayes classifier, given that the presence of PGP headers doesn't necessarily mean the actual message is encrypted. There are other (heavier) steps that could be taken, like checking for encryption on outbound with SJCL, but I think that probability is on our side here.
> * In the face of an NSL, the service would realistically either fall back to policy (removing tech-based enforcement by order) or shut down entirely.
>
> What does everyone think? Is this totally nuts or what?
>
> best,
> Griffin
>
> --
> Cypherpunks write code not flame wars. --Jurre van Bergen
> #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
>
> My posts, while frequently amusing, are not representative of the thoughts of my employer.
> ___
> Guardian-dev mailing list
> Post: guardian-...@lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To Unsubscribe Send email to: guardian-dev-unsubscr...@lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> You are subscribed as: h...@guardianproject.info

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
If you'd like to help me that would be cool..

My take on this is this: (these are not all my ideas, can't take full credit)

We want to get to a state where an e-mail server is easy to set up. And runs with *non governmental* issued ssl certificates. Where it provides web-mail (think gmail), iPhone and android.

The meta data problem goes away if the point of failure is spread thin enough. Basically, you rely that the NSA will not take the chance of sending a secret order to 1000 people with consciences.

If everyone is using non government issued ssl certificates, the XKeyscore problem goes away. (only a guess though of course)

The mail client will have pgp mime end-to-end. The mail server, run by you, or run by a friend of yours, or some business, will provide a secure means to login for web-mail.

..

What I'm doing is:
1. finishing off getting all of the source on github
2. this weekend work on deploying easily to an ec2 instance.

If you'd like to help, you could get it from github https://github.com/timprepscius/mailiverse and try to build things, see what breaks, although I'm sure I'll find out on my own pretty soon.

If you have any expertise in PGP mime, I could use it. Setting up PGP mime looks like it will be trivial. I just have to figure out what to do. Which takes longer than writing the code unfortunately.

-tim

On 8/9/13, Hans of Guardian h...@guardianproject.info wrote:
> I think there would be some value to a system like that. It would address a lot of real world threats but it will not address large scale government monitoring systems, which many governments have (US, China, UK, Iran, etc). Sounds like you should team up with Tim Prepscius with his system that he's been posting about here.
>
> .hc
>
> On Aug 9, 2013, at 2:07 PM, Griffin Boyce wrote:
> > This probably sounds very strange, but *what if* someone ran an email service that required that all mails be GPG encrypted?
> >
> > So here's my idea: Barring the honor system, it would require a filter to look at message content to check for PGP headers. And if said headers didn't exist, the message doesn't get sent.[1] There's no Sent Mail folder on the server, so if you want a copy, you'd need to have Thunderbird (etc) set up to store them locally.
> >
> > It wouldn't protect from metadata collection, but it would at least (to some extent) protect people from their own poor security decisions while emphasizing that options exist to protect themselves.
> >
> > Considerations:
> > * This assumes that an order would arrive to disable PGP filter and enable a sent folder (eg, this idea assumes metadata is unprotected)
> > * Those playing at home may recognize this as a naive Bayes classifier, given that the presence of PGP headers doesn't necessarily mean the actual message is encrypted. There are other (heavier) steps that could be taken, like checking for encryption on outbound with SJCL, but I think that probability is on our side here.
> > * In the face of an NSL, the service would realistically either fall back to policy (removing tech-based enforcement by order) or shut down entirely.
> >
> > What does everyone think? Is this totally nuts or what?
> >
> > best,
> > Griffin
> >
> > --
> > Cypherpunks write code not flame wars. --Jurre van Bergen
> > #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
> >
> > My posts, while frequently amusing, are not representative of the thoughts of my employer.

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
On Fri, Aug 09, 2013 at 02:07:25PM -0400, Griffin Boyce wrote:
> This probably sounds very strange, but *what if* someone ran an email service that required that all mails be GPG encrypted?

I did long wish for a system that would send every non-GPG message to the spamfolder.

Richard
---
Name and OpenPGP keys available from pgp key servers

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
ooh, I love this discussion. I'll drop in my quick points, and would love to hear other perspectives.

2 points:

1) Is there a milter that could be plugged into existing SMTP servers (sendmail, postfix, ...) that could require OpenPGP encapsulation, and immediately reject messages back to the sender upon receipt of unprotected email. (Heck, maybe the message doesn't even have to be signed or encrypted but just require the minimum that has either the proper PGP mime encapsulation or an inline-format ascii armored format.) If such a milter does not exist, we could create one. Being a milter means this code could be plugged into a variety of existing SMTP servers that are already deployed.

2) Sorry, but isn't any mail service that runs a web front-end subject to its country's government stepping in and requiring backdoors or other means of tampering with the web code that's sent to customer's browsers? (ie, is there any technical reason that a web-based email provider could not comply with a secret order to insert backdoors into code sent from centrally controlled web servers to the clients?)

Heck, even downloading apps off Google Play doesn't feel secure. It is technically feasible that Google could comply with a court order to inject a backdoor into a third-party's app (or their own app) for when only 1 user's phone automatically probes the play service for updates. (It sounds far fetched, yes. But it is technically feasible, and many things sound far fetched until we later find out it has been true for a while.)

Security (privacy) could only be had when you can trust your computing platform (must be personally owned and controlled), and that is pretty hard to guarantee. (including baseband chipset backdoors, etc...) However, just because something may be hard, doesn't mean we shouldn't strive for it. :)

---

So in closing...
I figure just a milter that requires all traffic to be encapsulated via any format of PGP / OpenPGP / GNUPG / whateverPG would be a fantastic start. But I'm not so sure about being able to give anyone security through any webmail clients. (heaven forbid that anyone's webmail is actually served off of a VPS in the cloud somewhere... and thus subject to court orders given to the company providing the VPS service...)

- David :) (putting my tin foil hat back on and releasing the dolphins back to the ocean with my private keys...)

On Fri, Aug 09, 2013 at 05:07:26PM -0400, Tim Prepscius wrote:
> If you'd like to help me that would be cool..
>
> My take on this is this: (these are not all my ideas, can't take full credit)
>
> We want to get to a state where an e-mail server is easy to set up. And runs with *non governmental* issued ssl certificates. Where it provides web-mail (think gmail), iPhone and android.
>
> The meta data problem goes away if the point of failure is spread thin enough. Basically, you rely that the NSA will not take the chance of sending a secret order to 1000 people with consciences.
>
> If everyone is using non government issued ssl certificates, the XKeyscore problem goes away. (only a guess though of course)
>
> The mail client will have pgp mime end-to-end. The mail server, run by you, or run by a friend of yours, or some business, will provide a secure means to login for web-mail.
>
> ..
>
> What I'm doing is:
> 1. finishing off getting all of the source on github
> 2. this weekend work on deploying easily to an ec2 instance.
>
> If you'd like to help, you could get it from github https://github.com/timprepscius/mailiverse and try to build things, see what breaks, although I'm sure I'll find out on my own pretty soon.
>
> If you have any expertise in PGP mime, I could use it. Setting up PGP mime looks like it will be trivial. I just have to figure out what to do. Which takes longer than writing the code unfortunately.
>
> -tim
>
> On 8/9/13, Hans of Guardian h...@guardianproject.info wrote:
> > I think there would be some value to a system like that. It would address a lot of real world threats but it will not address large scale government monitoring systems, which many governments have (US, China, UK, Iran, etc). Sounds like you should team up with Tim Prepscius with his system that he's been posting about here.
> >
> > .hc
> >
> > On Aug 9, 2013, at 2:07 PM, Griffin Boyce wrote:
> > > This probably sounds very strange, but *what if* someone ran an email service that required that all mails be GPG encrypted?
> > >
> > > So here's my idea: Barring the honor system, it would require a filter to look at message content to check for PGP headers. And if said headers didn't exist, the message doesn't get sent.[1] There's no Sent Mail folder on the server, so if you want a copy, you'd need to have Thunderbird (etc) set up to store them locally.
> > >
> > > It wouldn't protect from metadata collection, but it would at least (to some extent) protect people from their own poor security

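The filter proposed in this thread (Griffin Boyce's header check, David Holl's milter) comes down to a per-message decision: is this body OpenPGP or not. The following is an added example, not code from anyone on the list: a Python check that accepts PGP/MIME (RFC 3156) or inline ASCII armor and goes one step past header matching by verifying the armor CRC-24 and the first OpenPGP packet tag (RFC 4880). The function names and sample messages are constructed for illustration, and the milter hook-up itself is left out.

```python
import base64
import re
from email import message_from_bytes

# OpenPGP packet tags (RFC 4880 sec. 4.3) that may open an encrypted message:
# 1 = PKESK, 3 = SKESK, 9 = symmetrically encrypted data, 18 = SEIPD.
ENCRYPTION_TAGS = {1, 3, 9, 18}
ARMOR_RE = re.compile(r"-----BEGIN PGP MESSAGE-----(.*?)-----END PGP MESSAGE-----", re.S)

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 sec. 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor_is_encrypted(text: str) -> bool:
    """True if text is exactly one valid armor block opening with an encryption packet."""
    match = ARMOR_RE.fullmatch(text.replace("\r\n", "\n").strip())  # no stray cleartext
    if not match:
        return False
    # Armor headers (Version:, Comment:) end at the first blank line.
    _headers, blank, body = match.group(1).partition("\n\n")
    lines = body.split()
    if not blank or not lines:
        return False
    checksum = lines.pop()[1:] if lines[-1].startswith("=") and len(lines[-1]) == 5 else None
    try:
        data = base64.b64decode("".join(lines), validate=True)
        if checksum is not None:
            stated = int.from_bytes(base64.b64decode(checksum, validate=True), "big")
            if stated != crc24(data):
                return False
    except ValueError:  # binascii.Error: the body is not base64 at all
        return False
    if not data or not data[0] & 0x80:  # bit 7 is set in every packet header
        return False
    # New-format headers keep the tag in bits 5-0, old-format ones in bits 5-2.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] & 0x3C) >> 2
    return tag in ENCRYPTION_TAGS

def _text(part) -> str:
    return (part.get_payload(decode=True) or b"").decode("ascii", "replace")

def classify(raw: bytes) -> str:
    """Return 'accept' or 'reject' for a raw RFC 5322 message."""
    msg = message_from_bytes(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]  # leaf parts only
    if msg.get_content_type() == "multipart/encrypted":
        # PGP/MIME (RFC 3156): a control part, then the armored data.
        ok = (str(msg.get_param("protocol")).lower() == "application/pgp-encrypted"
              and len(parts) == 2
              and parts[0].get_content_type() == "application/pgp-encrypted"
              and armor_is_encrypted(_text(parts[1])))
    else:
        # Inline format: every leaf must be text holding nothing but an armor block.
        ok = bool(parts) and all(
            p.get_content_maintype() == "text" and armor_is_encrypted(_text(p))
            for p in parts)
    return "accept" if ok else "reject"

def _armor(packets: bytes) -> str:
    """Armor raw bytes; used only to build the constructed samples below."""
    body = base64.b64encode(packets).decode()
    check = base64.b64encode(crc24(packets).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP MESSAGE-----\n\n{body}\n={check}\n-----END PGP MESSAGE-----\n"

def _mail(body: str, ctype: str = "text/plain") -> bytes:
    head = f"From: a@example.org\nTo: b@example.org\nContent-Type: {ctype}\n\n"
    return (head + body).encode()

# Constructed samples: packet headers plus filler bytes, not real ciphertext.
PKESK = _armor(b"\xc1\x0d" + bytes(13))                      # new-format tag 1
LITERAL = _armor(b"\xcb\x08" + b"b\x00" + bytes(4) + b"hi")  # tag 11: armored cleartext
SAMPLES = {
    "plaintext": _mail("hello, no crypto here\n"),
    "fake_armor": _mail("-----BEGIN PGP MESSAGE-----\n\nnot base64!\n-----END PGP MESSAGE-----\n"),
    "armored_cleartext": _mail(LITERAL),
    "inline": _mail(PKESK),
    "inline_plus_note": _mail("see you at 5pm\n" + PKESK),
    "pgp_mime": _mail("--sep\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n--sep\n"
                      "Content-Type: application/octet-stream\n\n" + PKESK + "\n--sep--\n",
                      'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="sep"'),
}
```

The check is structural: it shows the payload is shaped like OpenPGP ciphertext, not that any recipient can decrypt it, which is the gap Griffin's "presence of PGP headers" caveat points at.
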
Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
Tim Prepscius writes:
> We want to get to a state where an e-mail server is easy to set up. And runs with *non governmental* issued ssl certificates.

I think this might reflect a misperception of the threat model around misissuance of certificates.

If you think governments are likely to use their own CAs for spying by issuing fraudulent certificates, you want to remove trust for those CAs _in your web browser_. Having a valid, correct, and publicly issued certificate from such a CA does not make the CA operator any more able to spy on you.

There was a lot of concern when CNNIC became a root CA in mainstream browsers because of the perception that the Chinese government could force CNNIC to misissue certificates to facilitate surveillance. But this risk would be a reason for users not to trust the CNNIC root in their browsers, not directly a reason for sites to avoid getting certs from CNNIC.

The cert isn't some kind of poison for private communications that use it, it's just a way of telling browsers that your key is OK to use. If you have a cert that tells browsers that your key is OK to use and the browsers will accept it and you agree with the contents of that cert, the cert is fine for you to use on your site.

The risk to me from, say, CNNIC is that even though I use a cert from StartCom, CNNIC will secretly misissue a different cert for my site containing a public key controlled by the Chinese government, and then the government can use that to spy on some users who communicate with my site. The risk is not that I would ask CNNIC's CA for a cert for my site containing my actual public key and that they would say yes and give it to me. :-)

--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107

Re: [liberationtech] [guardian-dev] An email service that requires GPG/PGP?
I'd like to respond to this just a bit.

1. requiring PGP without giving a user centric means of using PGP doesn't actually solve anything. It's like telling an adult they have to eat stinky tofu. If they love stinky tofu then fine, but if they don't, there is no way it's going to happen. I would guess that 0.01% of people LIKE the thunderbird experience. Whereas I would guess 90% like gmail. Also, getting people to download and install software is very difficult these days.

2. web mail security: I think web mail security can be better than you think. What is necessary for security? Code not being tampered with. Can you verify code has not been tampered with? Yes (up to a point of course). Retrieval and protection of keys from a central server. I believe my scheme is viable. I believe there is no way for any agency to do mass surveillance by cracking of tens of thousands of keys to read e-mail. It probably is possible to break a single user, but nothing can protect a single user from the NSA/FBI/CIA. (did you recognize the utility man who came last time? no? well you might have a key-logger, or a camera might be in your room) I could be wrong of course, but if I'm wrong, I think someone will fix it.

3. also, I think it is important to understand the limits of cloud service back doors. Let's say that you only used the cloud to store encrypted files. And you used your own personal computer to run the mail server, static ip proxy-ing off an ec2 instance. (this is best I think). it wouldn't matter if the cloud was a threat because everything is encrypted anyways. I mean wouldn't matter means, sort of wouldn't matter, there is always meta data, file size, file write time, etc.

Ahh.. I see, I wrote that I was setting up the deploy to go to an ec2 instance. This gave the wrong impression perhaps. I don't have any free machines at the moment, and zero disk space weirdly, so I'm going to use ec2 instances to test.
--

Anyways, super tired, hope my rambling isn't too incoherent.

Cheers,
-tim

On 8/9/13, David Holl da...@ad5ey.net wrote:
> ooh, I love this discussion. I'll drop in my quick points, and would love to hear other perspectives.
>
> 2 points:
>
> 1) Is there a milter that could be plugged into existing SMTP servers (sendmail, postfix, ...) that could require OpenPGP encapsulation, and immediately reject messages back to the sender upon receipt of unprotected email. (Heck, maybe the message doesn't even have to be signed or encrypted but just require the minimum that has either the proper PGP mime encapsulation or an inline-format ascii armored format.) If such a milter does not exist, we could create one. Being a milter means this code could be plugged into a variety of existing SMTP servers that are already deployed.
>
> 2) Sorry, but isn't any mail service that runs a web front-end subject to its country's government stepping in and requiring backdoors or other means of tampering with the web code that's sent to customer's browsers? (ie, is there any technical reason that a web-based email provider could not comply with a secret order to insert backdoors into code sent from centrally controlled web servers to the clients?)
>
> Heck, even downloading apps off Google Play doesn't feel secure. It is technically feasible that Google could comply with a court order to inject a backdoor into a third-party's app (or their own app) for when only 1 user's phone automatically probes the play service for updates. (It sounds far fetched, yes. But it is technically feasible, and many things sound far fetched until we later find out it has been true for a while.)
>
> Security (privacy) could only be had when you can trust your computing platform (must be personally owned and controlled), and that is pretty hard to guarantee. (including baseband chipset backdoors, etc...) However, just because something may be hard, doesn't mean we shouldn't strive for it. :)
>
> ---
>
> So in closing...
> I figure just a milter that requires all traffic to be encapsulated via any format of PGP / OpenPGP / GNUPG / whateverPG would be a fantastic start. But I'm not so sure about being able to give anyone security through any webmail clients. (heaven forbid that anyone's webmail is actually served off of a VPS in the cloud somewhere... and thus subject to court orders given to the company providing the VPS service...)
>
> - David :) (putting my tin foil hat back on and releasing the dolphins back to the ocean with my private keys...)
>
> On Fri, Aug 09, 2013 at 05:07:26PM -0400, Tim Prepscius wrote:
> > If you'd like to help me that would be cool..
> >
> > My take on this is this: (these are not all my ideas, can't take full credit)
> >
> > We want to get to a state where an e-mail server is easy to set up. And runs with *non governmental* issued ssl certificates. Where it provides web-mail (think gmail), iPhone and android.
> >
> > The meta data problem goes away if the point of failure