We don't need encrypted email so much, we need decentralized email servers with TLS enabled. I have half a mind to launch a service that will take a root password of a newly-created cloud server you own, set up a properly-configured IMAP and SMTP server and hand you the keys.
I am of the opinion that that will do more about email privacy than GPG (as long as you trust your hosting provider, at least).
I was thinking about a system that combined these three properties:
+ Anonymous
+ Distributed
+ Encrypted
For anonymous, I was thinking that the service would be accessible only through Tor or i2p, so that neither the sender nor the receiver can be found out by tracing the message.
For distributed, I was thinking that the mail system would essentially be a freesites-style distributed hash table where the mail address (or a hash thereof) would act as the key. The mail or parts of the mail would be stored multiple times across many clients to eliminate single points of failure. Perhaps a TTL system would prevent old mails from filling up everyone's space.
Finally, the encrypted would be achieved by having the mail address act as the public key (or at least, the mail address is a key to a distributed KV store that contains the public key). This way, before anonymously sending the message to the various distributed hash table buckets, it gets encrypted so only the desired recipient can read it.
It seems like it should be possible to build this from already existing technologies without thaaaat much trouble, though I haven't actually done anything about it.
Of course, getting people to use this would be another story ;-) and I guess people would want contacts lists, archives and so on.
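The addressing and storage scheme sketched in the comment above, as an added example that is not part of the original thread. It assumes the address is a hash of the recipient's public key, so a key fetched from the untrusted store can be checked against the address, and it uses XOR-distance replica placement with a TTL; all names are hypothetical and the mail body is treated as already-encrypted opaque bytes.

```python
import base64, hashlib, hmac

def address_for(pubkey: bytes) -> str:
    # Assumption: address = base32(first 20 bytes of SHA-256(public key)).
    return base64.b32encode(hashlib.sha256(pubkey).digest()[:20]).decode().lower()

def verify_key(address: str, pubkey: bytes) -> bool:
    # A key served by the untrusted KV store is used only if it hashes to the address.
    return hmac.compare_digest(address_for(pubkey), address)

def _id(text: str) -> int:
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")

class Node:
    def __init__(self, name):
        self.name, self.id, self.store = name, _id(name), {}

class Dht:
    def __init__(self, names, replicas=3):
        self.nodes, self.replicas = [Node(n) for n in names], replicas

    def closest(self, address):
        # Kademlia-style placement: the nodes whose ids are XOR-nearest to the key.
        key = _id(address)
        return sorted(self.nodes, key=lambda n: n.id ^ key)[:self.replicas]

    def put(self, address, blob, now, ttl):
        for node in self.closest(address):
            node.store.setdefault(address, []).append((now + ttl, blob))

    def get(self, address, now, offline=()):
        found = set()
        for node in self.closest(address):
            if node.name in offline:
                continue
            live = [(exp, blob) for exp, blob in node.store.get(address, []) if exp > now]
            node.store[address] = live  # expired mail is dropped on access
            found.update(blob for _, blob in live)
        return found

def demo():
    pub = b"constructed-recipient-public-key"      # constructed sample, opaque bytes
    addr = address_for(pub)
    dht = Dht([f"node{i}" for i in range(8)])
    mail = b"<ciphertext encrypted to recipient>"  # encryption itself is out of scope
    dht.put(addr, mail, now=0, ttl=3600)
    down = {n.name for n in dht.closest(addr)[:2]}  # two of three replicas offline
    return (verify_key(addr, pub), verify_key(addr, b"substituted-key"),
            dht.get(addr, now=10, offline=down), dht.get(addr, now=3600))
```

The substituted key is rejected because it does not hash to the address, the message survives the loss of two replicas, and nothing is returned once the TTL has passed.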
Or, you could just do PGP/MIME + SMTP over Tor hidden services living on home computers, and not invent any new protocols at all. :-) This allows p2p delivery with strong encryption and anonymity of the transmission, while the message content can still be encrypted and signed for verification that you are talking to the right person.
This is currently Mailpile's vaguely planned "maximum privacy" mode, with the backwards compatible fallback being normal PGP/MIME over the normal Internet.
Anonymity from the POV of the sender/recipient is not characteristic of this system, and it doesn't give perfect forward secrecy/deniability like OTR. But most people consider anonymous e-mail to be spam. If you need PFS, just use OTR, it works.
(Note: we have yet to do formal threat modeling and this plan may change.)
It will be hard to make Mailpile user-friendly when you have to install it yourself on your own cloud server. But particularly with the end of free Google Apps accounts, I wonder if there is an opportunity here, either as something end-users can install themselves or as something mom-and-pop shared hosting companies can offer instead of their current always-awful webmail. Maybe you could even build a business around an encrypted webmail tool you license to shared hosting providers.
If Mailpile or someone else is going to be self-installed, I'd love to see it built as PHP. (Looks like Python right now.) As much as I refuse to develop in PHP, that seems like the only way to make installation as easy and ubiquitous as Wordpress, which should be the goal.
(I realize that either Mailpile or my own suggestion---or anything hosted on someone else's hardware---is vulnerable to someone reading the data right out of RAM, but it seems like their goal is to evade snooping not by building a 100% secure system, but by making it easy and affordable for everyone to have their own email server, so that government surveillance has too many targets to be practical.)
Our goal is to create something you install on your desktop or laptop. Think Thunderbird, not Squirrelmail. We do happen to be using web tech for the UI, but that doesn't mean it has to live in the cloud.
"Public Understanding of Science" has been a big issue for several decades (maybe even longer?), but I think we'll see progress towards "Public Understanding of Cryptography," or at least I hope so :)
It goes deeper than just using some PGP client. You need to understand how it works, to be sure that the bits coming out of your network are encrypted, and only you and Alice know how to decrypt them.
I've been working a little bit on cryptography education issues and so have a number of people I know, but now I'm reminded of Lancelot Hogben's books "Mathematics for the Million" and "Science for the Citizen". Maybe someone will create their equivalents for cryptography!
If you want "public understanding of cryptography," then first you may need to remove a lot of the elitism, posturing, showing off and one-upmanship that surrounds almost any public discussion of cryptography (mostly coming from people who are actually not very knowledgeable). Otherwise the rest of the world will continue to assume it is beyond them, not really worth understanding and is something for arrogant nerds to argue about in order to establish who is smarter.
I can tell you that there is no marketing department. They are engineers first and foremost. Check out Bjarni Einarsson's online OSS projects (which are not all he's done).
[+] [-] StavrosK|12 years ago|reply
[+] [-] dkersten|12 years ago|reply
[+] [-] HerraBRE|12 years ago|reply
[+] [-] dhotson|12 years ago|reply
How can you build a messaging system where the delivery service doesn't know where to deliver something?
[+] [-] pjungwir|12 years ago|reply
[+] [-] HerraBRE|12 years ago|reply
[+] [-] prezjordan|12 years ago|reply
[+] [-] schoen|12 years ago|reply
"Cryptography for the 2⁶⁴"?
[+] [-] pekk|12 years ago|reply
[+] [-] lwhalen|12 years ago|reply
[+] [-] mpyne|12 years ago|reply
[+] [-] contingencies|12 years ago|reply
[+] [-] 7mediaws|12 years ago|reply
[+] [-] zokier|12 years ago|reply
[+] [-] AnthonBerg|12 years ago|reply
[+] [-] oldmanjoe|12 years ago|reply