[Freedombox-discuss] Email Encryption Basics

Michael Rogers michael at briarproject.org
Mon Nov 19 23:34:03 UTC 2012


On 19/11/12 21:01, Jonathan Wilkes wrote:
>> But my mental model of the FBX is a mass-market "privacy 
>> appliance". I get the impression no two people on this list have 
>> identical mental models of the FBX, and I'm not saying that's a
>> bad thing. :-)
> 
> First sentence from the front page of freedomboxfoundation.org: 
> "We're building software for smart devices whose engineered purpose
>  is to work together to facilitate free communication among
> people, safely and securely, beyond the ambition of the strongest
> power to penetrate."
> 
> And the big red letters above that: "Enabling private
> conversations online"
> 
> I believe Eben Moglen described it as something like, "Plug
> freedom in, turn freedom on."  A phrase like "privacy appliance"
> is compatible with these descriptions; a phrase like "send
> plaintext emails from home-- offer varies based on ISP details"
> isn't.
> 
> I'd still be happy to buy a FBX and send plaintext emails from
> home in the initial stages of its development, but in terms of
> mental models for the "enabling private conversations online" that
> ain't one of them.

I'm sorry if I seemed to be suggesting that the project lacks
definition. That wasn't my intention.

However, broad goals like "enabling private conversations online" are
on a very different level from specific issues like how (or whether)
the FBX should support email. At the level of specific details,
there's clearly a diversity of opinions about what a FBX should look like.

My own personal opinion is that FBX owners will need to use plaintext
internet email for many years to come. There are very many social,
professional and institutional interactions that require an
old-fashioned plaintext internet email address. So, in my personal
opinion, the FBX should support plaintext internet email, while making
it as secure as possible, and while providing more secure alternatives
that can be used whenever backward compatibility isn't required.

The alternative would be to wash our hands of email because we can't
make it perfectly secure. I think that would be a mistake, because
people will use it anyway.

"Making it as secure as possible" could mean many things. It could
mean running SMTP and IMAP servers on the box, with a PageKite-style
proxy to ensure the servers are reachable on any home ISP. It could
mean automatically encrypting outgoing email if the recipient has a
PGP key. It could mean deleting email from a provider's server and
storing it on the FBX. Hopefully there are some other suggestions. :-)

Personally I like the PageKite approach, as I've said before, but I'm
interested in other possibilities too.

Cheers,
Michael


