[Freedombox-discuss] Email Encryption Basics

Michael Rogers michael at briarproject.org
Fri Nov 16 11:16:44 UTC 2012



On 16/11/12 07:35, Eugen Leitl wrote:
> Most attempted delivery from dynamic user space will bounce, and
> requiring smarthosts clashes both with the zero administration
> requirement and adds an additional point of attack.
> 
> There is no really good way to interoperate with mail delivery on
> the greater Internet, so I would just make FBX a part of a working
> darknet, e.g. cjdns (which allows you some limited anonymity, yet
> ability to de-peer offenders), and just let postfix additionally
> accept everything from within fc00::/8.

I think this is way too pessimistic. Yes, it's unrealistic to run an
incoming or outgoing mail server on a dynamic home IP address, but a
PageKite-style proxy would work.

Alternatively, the FBX could act as a PGP proxy for an existing email
account: the FBX would encrypt email before sending it to the existing
account's SMTP server and decrypt it after collecting and deleting it
from the existing account's POP/IMAP server. No email would be stored
long-term on the provider's servers, which is a legally important
distinction in the US. The FBX would use Tor to store and retrieve PGP
public keys on multiple independently operated keyservers, making it
difficult for any keyserver to replace a user's key with a MITM key
without detection.

Cheers,
Michael

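The cross-keyserver check proposed in the message above, sketched as an added example; it is not part of the original post and is not FreedomBox code. It compares the key each independently operated keyserver returned for one address and refuses to release a key when any server disagrees. Assumptions: the function names, the `.example` keyserver names and the key bytes are constructed for illustration, keys are identified by OpenPGP v4 fingerprint, and fetching the keys (over Tor in the proposal) is outside the example.

```python
import hashlib
from collections import Counter
from typing import Optional

def v4_fingerprint(packet_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880 section 12.2):
    SHA-1 over 0x99, a two-byte big-endian length, then the public-key packet body."""
    header = b"\x99" + len(packet_body).to_bytes(2, "big")
    return hashlib.sha1(header + packet_body).hexdigest().upper()

def cross_check(responses: dict, pinned: Optional[str] = None, min_servers: int = 2) -> dict:
    """Compare what each keyserver returned for one address.

    responses: keyserver name -> public-key packet body, or None if nothing came back.
    pinned: a fingerprint already known to be good (the box's own key, or one
    recorded on an earlier lookup); without it the majority answer is the reference.
    """
    fprs = {srv: v4_fingerprint(body) for srv, body in responses.items() if body}
    missing = sorted(srv for srv, body in responses.items() if not body)
    if len(fprs) < min_servers:
        # One answer cannot be cross-checked, so it is not trusted on its own.
        return {"status": "insufficient", "fingerprint": None, "suspect": [], "missing": missing}
    reference = pinned or Counter(fprs.values()).most_common(1)[0][0]
    suspect = sorted(srv for srv, fpr in fprs.items() if fpr != reference)
    return {
        "status": "mismatch" if suspect else "consistent",
        # On any disagreement no key is released for encryption.
        "fingerprint": None if suspect else reference,
        "suspect": suspect,
        "missing": missing,
    }

# Constructed placeholder bytes standing in for key packets; not real keys.
GENUINE_KEY = b"\x04" + b"constructed-genuine-key-material"
SUBSTITUTED_KEY = b"\x04" + b"constructed-substituted-key-material"

# Constructed lookup results: the third (hypothetical) server serves a different key.
SAMPLE = {
    "keyserver-a.example": GENUINE_KEY,
    "keyserver-b.example": GENUINE_KEY,
    "keyserver-c.example": SUBSTITUTED_KEY,
    "keyserver-d.example": None,
}

if __name__ == "__main__":
    print(cross_check(SAMPLE))
    print(cross_check(SAMPLE, pinned=v4_fingerprint(GENUINE_KEY)))
```

Without a pinned fingerprint the majority answer only decides which servers are listed as suspect; the lookup is still reported as a mismatch and no key is returned.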


