On 9 June 2016 at 13:24, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> On Thu 2016-06-09 15:15:35 -0400, Vincent Breitmoser wrote:
> >> b) synchronizing the complex and changing keystore (pairwise state
> >> between all correspondents) between multiple e-mail clients, since
> >> many people use multiple MUAs to access a single mailbox
> >
> > The obvious place to put the data is the mailbox. Mail servers via imap
> > are pretty okay at synchronizing immutable blobs of data, so it should
> > be possible technically to achieve synchronized state among all MUAs.
> > We can also get confidentiality and integrity for this data with a
> > secret shared in all MUAs, like the user's pgp key.
> >
> > But I think there's a catch: We can never reliably *delete* data from
> > the server. This essentially breaks the properties we gain from key
> > erasure ("forward secrecy") in the first place. That's a huge problem,
> > and I'm not sure there is a way to work around it. At least not if we
> > want to be able to read mails from a session established by one MUA in
> > another.
>
> I had the same thoughts, which is why i didn't propose syncing it via
> IMAP -- it seems like a mistake to move the key storage to the same
> server that we're trying to defend against, which is why i see it as a
> serious challenge if we want this to be a useful improvement over
> existing e-mail security features.
>
> :/
>
> Simplest is to start by assuming that this is a one-MUA-per-account
> setup for the initial implementation.
>
> as a strawman: what about an OMEMO- or axolotl-protected pairwise chat
> conversation between MUAs on a single account, using IMAP as the
> transport, where each MUA sends the other MUA updates as messaging
> progresses?
>
+1 Agreed this is the simplest approach that will help the discussion.
-Wei
>
> happy to hear other suggestions,
>
> --dkg
>
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
