[Freedombox-discuss] Idea for cross freedombox email system not leaking metadata

Bjarni Runar Einarsson bre at pagekite.net
Mon Oct 20 07:50:46 UTC 2014

Hi Jonathan!

Jonathan Wilkes <jancsika at yahoo.com> wrote:
> Does your design include perfect forward secrecy for the pairs
> communicating over SMTorP?

We recommend using TLS over the Tor circuit, and will probably recommend
using a cipher which provides PFS.

However, encryption of the messages themselves (if they are encrypted)
is using OpenPGP, which does not provide PFS. So if the user signs the
message, there is no deniability.

> Also, what is your plan to sustainably fund the GUI work, user studies,
> and the work on professional documentation?  (I.e., those aspects which
> tend to get little to no attention in a free software community like
> this one.)

This is one of the hard parts of the project. We funded our first year
of work using an IndieGoGo crowdfunding campaign, but that is not
sustainable. We're exploring our options and are optimistic, but it is
not a solved problem yet. If you (or anyone) has recommendations on this
front we're all ears.

 - Bjarni

I make stuff: www.mailpile.is, www.pagekite.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP Digital Signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20141020/8a596a0b/attachment.sig>

More information about the Freedombox-discuss mailing list