On Sun, 25 Aug 2013 10:37:52 -0700 Ray Dillinger <b...@sonic.net> wrote:
> Therefore, IMO, any possible solution to email privacy, if it is to
> be trusted at all, must be pure P2P with no centralized points of
> failure/control and no specialized routers etc.

Quite agreed. I have a long message in draft that I'll hopefully be sending out later today on this topic.

> And it can have no built-in gateways to SMTP. Sure, someone will
> set one up, but there simply cannot be any dependence on SMTP or
> the whole thing is borked before it begins. It is time to simply
> walk away from that flaming wreckage and consider how to do email
> properly. S/Mime and PGP email-body encryption both fail to protect
> from traffic analysis because of underlying dependence on SMTP.

That said, as I shall propose, it is not necessary to get rid of all our email infrastructure. In particular, RFC-2822 remains an entirely viable thing, and I think IMAP based clients can continue to be used, with at most small changes.

> Onion routing fails to protect due to timing attacks.

Mix networks are not onion routing, though. If you're pure peer to peer, traffic analysis is possible. Real mix networks are now quite feasible, however, and unlike the Tor model where one is trying to make real time TCP connections secure, there is no need to be "real time" for IM and Email -- a delay of a couple of seconds is just fine.

> So I say you must design your easy-to-use client completely
> replacing the protocol layer. No additional effort to install
> because this is the only protocol it handles.

I see this as a reasonable observation. As I said, I'll be explaining the rest of my proposal (of which I've put up the first two parts, which are reasonably independent) later.

Perry
--
Perry E. Metzger pe...@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography