
Re: [tor-talk] "Confidant Mail"



SSL: I get it, a lot of people think I should have SSL support on the website. I will look into it.
Until then (and even after) check the sigs. Nuff said.

>Back to Confidant Mail: interesting project, kind of reminds me of
>BitMessage, though it seems to be more usable (by far).

I looked at those and they look like pure "privacy nerd toys." Which is fine
for what it's worth. I am trying to walk the line between serious business tool (replacement for Dropbox and various commercial secure email) and privacy toy.

That is why I have things like server pairing for high availability, and DNS key lookup.
You can also forward a message with the signature, and the recipient of the
forward just clicks a button to verify the original sender's signature.

>Might be interesting to see how it might be linked to something like
>Syncthing[1]
>
>Just one thought: as it uses UDP, *traffic* won't go through Tor, right?

The UDP is used for the server-to-server peer-to-peer network, mostly for key distribution. Keys can
also be distributed via DNS without any need for peer to peer.

The client to server communication is TLS encrypted TCP and that will definitely go over Tor or I2P. Support for both is built in. The server to server communication also works over Tor or I2P.
Several models are possible:

client -> Tor -> hidden service -> public server
client -> Tor -> exit node -> public server
client -> private server -> Tor -> public server (hidden or exit)

You can do true peer to peer mail by hosting your own server (even on your laptop). Entangled (peer to peer) accounts have limited message size. Server accounts can email large videos, DVD images, etc. There is a blocking protocol like BitTorrent. Biggest thing I have tested was 10 GB. Took a while but worked fine.

Suppose a non-tech reporter wants to interview an anonymous source. The reporter, who has no Tor client, can send a message via her commercial service provider. Her provider's server sends through a Tor hidden service to some other server, which the anonymous source accesses via his own Tor client. This protocol lets "normal people" and anonymous techies freely communicate for the first time.

Once there are commercial service providers up, anyone will be able to pay a few bucks and get online immediately. At the moment there is one free service provider (mine) which you can also join immediately and start testing.

Mike


On 2/3/2015 9:58 PM, CJ wrote:
>On 02/04/2015 06:19 AM, Seth wrote:
>>On Tue, 03 Feb 2015 20:01:36 -0800, Andrew Roffey <andrew@roffey.org>
>>wrote:
>>> - there is a cost of obtaining HTTPS signatures.
>>Not certain if the deal is still being offered, but for quite a while
>>you could get a free TLS/SSL certificate good for one year when
>>registering or transferring a domain to namecheap.com
>>
>>Then if you needed to renew it, or just buy more, you could pick them up
>>for $2/yr just by purchasing another qualifying product, such as a year of
>>whoisguard for $2.88.
>>
>>Point being, the cost of certificates can be negligible if you know
>>where to look.
>
>not to mention StartSSL and their free certificates… Well, ok, maybe not
>the cleanest and trustworthy thing, but you can still provide the CSR,
>meaning you own the key. And they support 4096b with sha2…
>
>Back to Confidant Mail: interesting project, kind of reminds me of
>BitMessage, though it seems to be more usable (by far).
>
>Might be interesting to see how it might be linked to something like
>Syncthing[1]
>
>Just one thought: as it uses UDP, *traffic* won't go through Tor, right?
>
>
>[1] http://syncthing.net/

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
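
The UDP question and the "client -> Tor -> ..." models in the message above come down to what Tor's SOCKS port accepts: TCP streams opened with CONNECT, with no support for UDP ASSOCIATE. The sketch below is an added example, not code from the post or from Confidant Mail; it encodes RFC 1928 requests so the hostname (for instance a hidden service name) is handed to the proxy unresolved. The host names, address and ports in the test values are constructed.

```python
import ipaddress
import struct

# SOCKS5 constants from RFC 1928.
VER = 0x05
CMD_CONNECT, CMD_UDP_ASSOCIATE = 0x01, 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_OK, REP_CMD_NOT_SUPPORTED = 0x00, 0x07


def build_request(cmd: int, host: str, port: int) -> bytes:
    """Encode a SOCKS5 request.

    A hostname is sent as ATYP_DOMAIN so the proxy resolves it; nothing is
    looked up locally, which avoids a DNS leak and is the only way a .onion
    name can be reached. IP literals are sent in packed form.
    """
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("ascii")  # non-ASCII names are rejected here
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return bytes([VER, cmd, 0x00]) + addr + struct.pack("!H", port)


def reply_status(reply: bytes) -> int:
    """Return the REP field of a SOCKS5 reply after checking its header."""
    if len(reply) < 4 or reply[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    return reply[1]


def stream_opened(reply: bytes) -> bool:
    """True only if the proxy accepted the request (REP == 0x00).

    A proxy that lacks a command, as Tor lacks UDP ASSOCIATE, answers with
    a non-zero REP such as 0x07, so the caller must fall back to TCP.
    """
    return reply_status(reply) == REP_OK
```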