> > One difficult problem in public-key encryption is key exchange: how to get
> > a recipient's public key and know it's really theirs.
> > My plan is to make your email the hash of your public key.
> > For example, my address is *nqkgpx6bqscsl...@scramble.io*
> > (I borrowed this idea from Tor Hidden Services.)
>
> This is what we need everyone to adopt. Your ID = your public key hash and not
> an account on some server you don't control. Glad to see more people adopt
> this idea. Any chance of interoperability with other projects with similar
> aims and ideas like Cables? [1]
>
> [1] http://dee.su/cables



Cables looks very cool.

One big difference between Scramble and Cables is the synchronous aspect.
With Scramble, I've tried to preserve the semantics of normal email, where
the host and recipient never need to be online at the same time.

Scramble:
* You send from any computer. The server stores an encrypted copy. The
client stores nothing.
* The recipient reads the message from any computer, some point later.

Cables (correct me if I misunderstood!):
* You send from your own computer. The client stores it until the recipient
is online.
* The recipient reads from their own computer. When you and they are both
online, the message is exchanged P2P, no servers involved.

I think both ways are cool.
Scramble is easy to use and similar to normal email.
Cables takes advantage of the synchronous, P2P message transfer to
negotiate a key (Diffie Hellman, I'm guessing?) that's only used once, so
that you get forward secrecy.

Two questions!
* Can I try Cables without installing the full Liberte Linux distro?
* Could you point me to the source? Mine's here:
https://github.com/dcposch/scramble

DC






On Fri, Aug 23, 2013 at 1:53 AM, DC <dcpo...@cs.stanford.edu> wrote:

> Hi everyone,
>
> I'm DC, and I've been lurking here for a few weeks :)
>
> Since the NSA leaks, I've been inspired to work on an old dream:
> end-to-end encrypted email.
>
> One difficult problem in public-key encryption is key exchange: how to get
> a recipient's public key and know it's really theirs.
> My plan is to make your email the hash of your public key.
> For example, my address is *nqkgpx6bqscsl...@scramble.io*
> (I borrowed this idea from Tor Hidden Services.)
>
> This lets you build an email system with some nice properties:
> * It's webmail. I want something easy to use and understand, unlike PGP,
> so that nontechnical people can grok it.
> * Webmail has an inherent weakness: if push comes to shove, the NSA can
> compel a Scramble server to serve bad Javascript to their users. I want to
> give users the option to install the app as a Chrome extension. Same HTML,
> CSS, and JS, but served locally, so the server is untrusted.
> * You can look up someone's public key from an untrusted server, and
> verify that it's actually theirs.
> * Anyone can run a Scramble server
> * It's open source
> * All email between Scramble addresses is encrypted. Both Subject and Body
> are encrypted via PGP.
> * With some precautions, it's possible to avoid associating your real
> identity with your email address at all. This means that even From and To
> can be anonymous.
>
> Feel free to try it out! https://scramble.io/
>
> Here's a more thorough description of my design and my motivations:
> https://scramble.io/doc/
> Finally, here's a more thorough description of the technical details:
> https://scramble.io/doc/how.html
>
> Thoughts?
> Best
> DC
>
-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
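
An added example, not part of the original messages and not Scramble's code: the client-side check behind "look up someone's public key from an untrusted server, and verify that it's actually theirs". It assumes the Tor hidden service v2 construction (first 80 bits of SHA-1, base32-encoded), which the thread does not confirm, and uses constructed Ed25519 keys in place of PGP keys; `keyHash` and `verifyLookup` are hypothetical names.

```javascript
// Added example, not Scramble's own code.
// ASSUMPTION: local part = lowercase base32 of the first 80 bits of SHA-1 over
// the public key bytes (the Tor hidden service v2 scheme). The thread does not
// state Scramble's exact hash, truncation or encoding.
const { createHash, generateKeyPairSync } = require('node:crypto');

const ALPHABET = 'abcdefghijklmnopqrstuvwxyz234567';

// RFC 4648 base32, lowercase, without padding.
function base32(bytes) {
  let bits = 0, value = 0, out = '';
  for (const byte of bytes) {
    value = (value << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      out += ALPHABET[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
    value &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  if (bits > 0) out += ALPHABET[(value << (5 - bits)) & 31];
  return out;
}

function keyHash(publicKeyBytes) {
  const digest = createHash('sha1').update(publicKeyBytes).digest();
  return base32(digest.subarray(0, 10)); // 80 bits -> 16 characters
}

// Client-side check of a key returned by an untrusted key server.
function verifyLookup(address, publicKeyBytes) {
  const at = address.lastIndexOf('@');
  if (at !== 16) return false; // malformed or wrong-length local part
  return address.slice(0, at).toLowerCase() === keyHash(publicKeyBytes);
}

// Constructed sample keys (Ed25519 in DER form, stand-ins for PGP keys).
function newPublicKey() {
  return generateKeyPairSync('ed25519').publicKey.export({ type: 'spki', format: 'der' });
}
const aliceKey = newPublicKey();
const substitutedKey = newPublicKey(); // a different key returned in place of Alice's
const aliceAddress = keyHash(aliceKey) + '@scramble.io';

console.log(aliceAddress);
console.log('genuine key accepted:', verifyLookup(aliceAddress, aliceKey));
console.log('substituted key accepted:', verifyLookup(aliceAddress, substitutedKey));
```

Under the assumed 80-bit truncation, the binding between address and key is only as strong as the cost of finding a second key whose hash shares the same 80-bit prefix.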
