[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: xB Mail: Anonymous Email Client

To: Dawney Smith <dawneysmith@xxxxxxxxxxxxxx>, or-talk@xxxxxxxxxxxxx
Subject: Re: xB Mail: Anonymous Email Client
From: Scott Bennett <bennett@xxxxxxxxxx>
Date: Thu, 21 Aug 2008 09:47:18 -0500 (CDT)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 21 Aug 2008 10:47:51 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

     On Thu, 21 Aug 2008 15:31:06 +0100 Dawney Smith
<dawneysmith@xxxxxxxxxxxxxx> wrote:
>Scott Bennett wrote:
>
>>>> The more I understand email threats/issues over Tor
>>>> the better. I am aware that there are only occasionally
>>>> any exit servers allowing port 25, but if we are
>>>> forcing SSL/TLS, then it won't matter what port they
>>>> pick. So any preferences for extensions and behavior are
>>>> welcome.
>>> Here are some suggestions. Some of them ere also mentioned in the other
>>> thread about changing the default exit policy.
>>>
>>> 1.) Block remote image loading
>>> 2.) Obfuscate the data sent in the EHLO so it doesn't leak the hostname/ip
>>> 3.) Even using an obfuscated EHLO, that can still leak information. If
>>> you're using TLS rather than SSL on connect when sending an email, the
>>> exit node can see what is sent in the EHLO. The fact that you send the
>>> same EHLO every time could potentially let the exit node identify you if
>>> you come back. Therefore, although it's not the standard, SSL on connect
>>> on port 465 is preferable to TLS on port 587/25 when submitting email
>>> over Tor.
>> 
>>      IANA has assigned port 465 to another function.  Why do you believe
>> that a conflicting use should be supported or encouraged?
>
>I provided my reasons in the explanation directly above.

     I see an explanation of what would be secure, which it certainly appears
to be.  I don't see an explanation of why that particular port (465) should
be used for mail when it has been assigned to another purpose.  After all,
should we use 995 for SSH?  That would be secure, too.
>
>> I'd stick with
>> 587 and 25 until such time as another mail port is assigned.  If you think
>> that might take forever, you could try campaigning for it, I suppose.  Of
>> course, if a campaign is successful, it might only take forever minus a
>> year or two. :-)
>
>I'll stick with 465 as long as it's supported so I get a completely
>encrypted connection. Given a choice, why would you use 587 over Tor?

     Simply because they *is* a mail port.  I happen to want a smtps port,
too, but one has yet to be assigned.  Stealing a port assigned to another
purpose is not usually justified.
>
>>> 4.) The "Use secure connection" account settings should never be "TLS if
>>> available" as a mitm attack could stop you from negotiating SSL without
>>> realising.
>>> 5.) The "Check for new messages every" option could leak to the exit
>>> node that it is the same client coming back, if you set it to an unusual
>>> value like 17 minutes for example. Changing from the default should be
>>> dissuaded.
>>> 6.) If people use a Torified account alongside a non Torified account
>>> (I'd make it advise people to use a separate profile). But if they do,
>>> do that, then it needs to make sure the two accounts don't share the
>>> same LDAP server.
>>> 7.) Turn off return receipts and Junk filtering
>>> 8.) For convenience rather than security, I'd make it automatically turn
>>> on the options to download the full messages to disk.
>>>
>>> Oh. It would also be nice if you could add a list of keywords that
>>> Thunderbird shouldn't allow you to send in an email, in case you
>>> accidently sign a message with your own name for example.
>>>
>>      Except for the aforementioned push to use the urd port for [S]SMTP,
>> the rest of the above seem good to me.
>
>Pragmatically speaking. 465 is going to be a service provided by many
>mail systems for a long time to come, and it has clear advantages over
>Tor compared to port 587.

     I guess that's sort of the old "possession is 9/10 of the law"
attitude.  It may work, but also has unwanted consequences.
>
>All I'm saying is, the implications of using one over the other should
>be made clear to the user, so they can then make their own decision.
>
     100% agreed.  My concern is only over using a port for mail that
is already assigned to another service.  There are lots of unused, secured
ports (i.e., numbers < 1024) that could be reserved.  Actually, I have no
real idea how much bureaucratic red tape and delay is involved in getting
a port assigned to an obviously worthy function, so my pessimistic time
estimates in my previous message are just my grumbling about bureaucracy
in general.  Please forgive that.  But perhaps it's time to find out about
getting a port properly assigned to smtps.  (I can imagine sighs of relief
echoing around the world when the new assignment gets announced because it
*has* been needed for a long time.)


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************

Follow-Ups:
- Re: xB Mail: Anonymous Email Client
  - From: Dawney Smith

Prev by Author: Re: xB Mail: Anonymous Email Client
Next by Author: Re: Tor 0.2.0.30 is released
Previous by thread: Re: xB Mail: Anonymous Email Client
Next by thread: Re: xB Mail: Anonymous Email Client
Index(es):
- Author
- Thread