[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: xB Mail: Anonymous Email Client



     On Thu, 21 Aug 2008 09:29:49 +0100 Dawney Smith
<dawneysmith@xxxxxxxxxxxxxx> wrote:
>Arrakis wrote:
>
>> The more I understand email threats/issues over Tor
>> the better. I am aware that there are only occasionally
>> any exit servers allowing port 25, but if we are
>> forcing SSL/TLS, then it won't matter what port they
>> pick. So any preferences for extensions and behavior are
>> welcome.
>
>Here are some suggestions. Some of them ere also mentioned in the other
>thread about changing the default exit policy.
>
>1.) Block remote image loading
>2.) Obfuscate the data sent in the EHLO so it doesn't leak the hostname/ip
>3.) Even using an obfuscated EHLO, that can still leak information. If
>you're using TLS rather than SSL on connect when sending an email, the
>exit node can see what is sent in the EHLO. The fact that you send the
>same EHLO every time could potentially let the exit node identify you if
>you come back. Therefore, although it's not the standard, SSL on connect
> on port 465 is preferable to TLS on port 587/25 when submitting email
>over Tor.

     IANA has assigned port 465 to another function.  Why do you believe
that a conflicting use should be supported or encouraged?  I'd stick with
587 and 25 until such time as another mail port is assigned.  If you think
that might take forever, you could try campaigning for it, I suppose.  Of
course, if a campaign is successful, it might only take forever minus a
year or two. :-)

>4.) The "Use secure connection" account settings should never be "TLS if
>available" as a mitm attack could stop you from negotiating SSL without
>realising.
>5.) The "Check for new messages every" option could leak to the exit
>node that it is the same client coming back, if you set it to an unusual
>value like 17 minutes for example. Changing from the default should be
>dissuaded.
>6.) If people use a Torified account alongside a non Torified account
>(I'd make it advise people to use a separate profile). But if they do,
>do that, then it needs to make sure the two accounts don't share the
>same LDAP server.
>7.) Turn off return receipts and Junk filtering
>8.) For convenience rather than security, I'd make it automatically turn
>on the options to download the full messages to disk.
>
>Oh. It would also be nice if you could add a list of keywords that
>Thunderbird shouldn't allow you to send in an email, in case you
>accidently sign a message with your own name for example.
>
     Except for the aforementioned push to use the urd port for [S]SMTP,
the rest of the above seem good to me.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************