[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] Confidant Mail, was re: Mailpile SMTorP



Confidant Mail is another next-gen mail architecture worth a look. You can access servers directly, via exit node, via hidden service, or via I2P. You can have your mail hosted on your own server, on someone else's server, or in the Distributed Hash Table. In the "server" case there is no limit on attachment size. You do not have to be online at
the same time as the recipient.

It's written in Python and uses PyOpenSSL and gnupg encryption. If you are looking for
next gen email over Tor, look here: https://www.confidantmail.org

Mike

On 5/26/2015 4:36 PM, carlo von lynX wrote:
On Thu, May 21, 2015 at 12:03:24PM -0700, Yuri wrote:
On one hand, Mailpile is after security, which is great. But on the
other hand they use node which doesn't sign packages, therefore

What a shame! Somebody please fix this node thing. I can't
believe these nodejs enthusiastos are playing around with all kinds of crypto something javascript applications but build on top of a house of cards.

I still have plenty of criticism for SMTP and the idea of
doing PGP on top of SMTP but having the server run as a
hidden service from my own laptop gives this architecture
quite a legitimacy boost.

While with a mail system like Pond the few popular servers
can be deanonymized by confirmation attack, then taken over
by authorities and subdued to send traffic shaped messages
back to the users, thus slowly deanonymizing the entire
social graph of Pond users... SMTorP appears to me to be a
better idea.

With both send and reception points on the user's laptop,
an attacker that wants to inject a traffic shape into the
Tor network needs to take over the laptop itself. From my
understanding there is no other place on the network
where that sort of attack would be successful.

If that is true, that would be a great progress. Too bad
that the old problem of both having to be online at the
same time is re-introduced. We could have started using
Retroshare over Tor two years ago to achieve the same goal.
Retroshare looks a little less fancy than Mailpile, but
it doesn't need any pip or node.

Also Framstag's sendfile SAFT implementation can be a neat
quickfix solution. The server is easily pluggable into a
hidden service and provides for mail-like spooling of messages and native binary file transfers, without all
the overhead of e-mail.



--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk