[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: xB Mail: Anonymous Email Client
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: xB Mail: Anonymous Email Client
- From: Dawney Smith <dawneysmith@xxxxxxxxxxxxxx>
- Date: Thu, 21 Aug 2008 09:29:49 +0100
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Thu, 21 Aug 2008 04:29:34 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=He5kI0Eed5YgXE/rxUzI1NaT1P/orDEuFtfqVyYSxII=; b=DhhbBsmulqIgezNECp+hjVCzXJVuMHBrRe8YubJLTPCPRTztF6Y9Ec/85c+zUD5uIx Rt8At1nC8FcSX/qkIWa6eAOaGZHiz45/cjRVlfLRb9V/c8dFeQqfsk/ppQUWgShAMhKC W/mFZmwhIpFqOOfyzJOPDWicPBFjT9l5zskTk=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=ZPDNJ3gK6Vy56KNe9/iXIiq7sb+AQ9oedOyQN6L4qbrKd5gCDn9f9faebvFOyJOI1z 1Mn694+EGj4FNW4IG4RnVgxcv1URlngDqM5MdKWOEQNrS96flAP80Hq+kD/npxVsa3WZ vwJJ72yfttuZRyqPNUVD6G1MFYVezi8uGAnSE=
- In-reply-to: <48AC8038.8050907@xxxxxxxxx>
- Openpgp: id=5D6281F2
- References: <48AC8038.8050907@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.16 (X11/20080724)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Arrakis wrote:
> The more I understand email threats/issues over Tor
> the better. I am aware that there are only occasionally
> any exit servers allowing port 25, but if we are
> forcing SSL/TLS, then it won't matter what port they
> pick. So any preferences for extensions and behavior are
> welcome.
Here are some suggestions. Some of them ere also mentioned in the other
thread about changing the default exit policy.
1.) Block remote image loading
2.) Obfuscate the data sent in the EHLO so it doesn't leak the hostname/ip
3.) Even using an obfuscated EHLO, that can still leak information. If
you're using TLS rather than SSL on connect when sending an email, the
exit node can see what is sent in the EHLO. The fact that you send the
same EHLO every time could potentially let the exit node identify you if
you come back. Therefore, although it's not the standard, SSL on connect
on port 465 is preferable to TLS on port 587/25 when submitting email
over Tor.
4.) The "Use secure connection" account settings should never be "TLS if
available" as a mitm attack could stop you from negotiating SSL without
realising.
5.) The "Check for new messages every" option could leak to the exit
node that it is the same client coming back, if you set it to an unusual
value like 17 minutes for example. Changing from the default should be
dissuaded.
6.) If people use a Torified account alongside a non Torified account
(I'd make it advise people to use a separate profile). But if they do,
do that, then it needs to make sure the two accounts don't share the
same LDAP server.
7.) Turn off return receipts and Junk filtering
8.) For convenience rather than security, I'd make it automatically turn
on the options to download the full messages to disk.
Oh. It would also be nice if you could add a list of keywords that
Thunderbird shouldn't allow you to send in an email, in case you
accidently sign a message with your own name for example.
- --
Dawn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIrSd9coR2aV1igfIRAhNDAKCllAhgp2bJpBBpqdfvFz9ysL9fgACgzoCG
zb0P2K9ybh98czG6LWv6I7M=
=hUmD
-----END PGP SIGNATURE-----