So I set up a proof-of-concept server last Friday, which was far easier than I had pictured. Special thanks to Moritz for his PGP milter [1], but I'm also customizing a lot of the other security and spam filter settings.
Short: It should be up for comment in the next two weeks.

Long: I'm recreating the whole setup on a Linode slice and opening it up for beta signups. I'm *ALSO* considering whether to use Postfix in a LAMP stack (current), Haraka in a MEAN stack[2], or Lamson in a LAMPy stack.[3] I'd have to write new filters, but it's .[4] Unfortunately, serious personal matters are occupying my attention.

There have been some interesting points and questions on both guardian-dev and libtech (waaay more than I'm highlighting here):

The Doctor wrote:
> This might be a good place to start:
>
> https://grepular.com/Automatically_Encrypting_all_Incoming_Email

Daniel McCarney wrote:
> It might also be a good source of inspiration. Applying GPG at the
> Dovecot/Sieve layer allows rule-based encryption to specific key IDs.
> That was the main selling point for me :-)

I'm on the fence as to whether or not to encrypt all incoming email to the users' GPG key

adrelanos wrote:
> Why not post messages to usenet alt.anonymous.messages?

That also would be an easy way to map out who is talking to whom, and how frequently. Unless the individuals made up an entirely new key, which may remove the ease of use aspect.

Richard wrote:
> how do you make webmail with PGP end to end encryption? I assume you
> could do PGP in javascript but it would be trivially easy for the server
> to steal the users' secret keys in that case.

Yeah, and it doesn't avoid "the Hushmail Problem," where the government orders you to disable crypto for a given person. There'd have to be (at a minimum) a browser extension or outside program involved, and at that point, it's just as easy for people to pick a GPG app/extension of their choice.

best,
Griffin

[1] https://github.com/moba/pgpmilter
[2] http://haraka.github.io/manual.html
[3] https://github.com/zedshaw/lamson [spoiler alert, it's a total pain in the ass]
[4] http://projects.csail.mit.edu/gsb/old-archive/gsb-archive/gsb2000-02-11.html

--
"Cypherpunks write code not flame wars." --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: [email protected]

My posts, while frequently amusing, are not representative of the thoughts of my employer.
