I am writing an anonymous email client. The main delay has been getting it compatible with the xerobank installer so that it automatically downloads mail credentials and creates the secmod/key3/cert8 PKCS11 databases and performs automatic encryption of the user credentials, locking it with the users' PIN code as the master password.
The design idea is to use an anonymous email server / service, or to take any freemail provider and turn it into an anonymous account (assuming a clean acct). So I decided while I picked up a cold at defcon that I would sit down and finally finish it. It works. It is built using Mozilla Thunderbird. It will contain the Enigmail extension, and a self-contained GPG distribution. It will probably also contain NoScript because it has an html renderer inside it. The program already has a built-in auto-updater from xerobank that will download and install it's own PGP signed updates. The enigmail will be configured to use 5+ keyservers such as mit, sks, pgp, etc. The threat model includes content and context obscurity. Where this meets Tor and anonymity is the question. It is my intention to filter by protocol, blocking all communication that is not using either SSL or TLS. Are there any other considerations we should have, other than blocking updates? Should we force OCSP and cert revokation checking? Is there any reason we shouldn't include the CACert root certificate? Should we scrap Tor and make it use mixmaster? Should we force users to create/import PGP Keypairs? The more I understand email threats/issues over Tor the better. I am aware that there are only occasionally any exit servers allowing port 25, but if we are forcing SSL/TLS, then it won't matter what port they pick. So any preferences for extensions and behavior are welcome. Suggestions will be used to craft an opensource software released under TESLA license which prevents malware / spyware additions, and unauthorized modification for the purpose of commercial profit. This program will be completed today, and ready for testing tomorrow, so the sooner I get comments the better. Arrakis
