
Re: xB Mail: Anonymous Email Client




Scott Bennett wrote:

>>>>> The more I understand email threats/issues over Tor
>>>>> the better. I am aware that there are only occasionally
>>>>> any exit servers allowing port 25, but if we are
>>>>> forcing SSL/TLS, then it won't matter what port they
>>>>> pick. So any preferences for extensions and behavior are
>>>>> welcome.
>>>> Here are some suggestions. Some of them are also mentioned in the other
>>>> thread about changing the default exit policy.
>>>>
>>>> 1.) Block remote image loading
>>>> 2.) Obfuscate the data sent in the EHLO so it doesn't leak the hostname/ip
>>>> 3.) Even using an obfuscated EHLO, that can still leak information. If
>>>> you're using TLS rather than SSL on connect when sending an email, the
>>>> exit node can see what is sent in the EHLO. The fact that you send the
>>>> same EHLO every time could potentially let the exit node identify you if
>>>> you come back. Therefore, although it's not the standard, SSL on connect
>>>> on port 465 is preferable to TLS on port 587/25 when submitting email
>>>> over Tor.
>>>      IANA has assigned port 465 to another function.  Why do you believe
>>> that a conflicting use should be supported or encouraged?
>> I provided my reasons in the explanation directly above.
> 
>      I see an explanation of what would be secure, which it certainly appears
> to be.  I don't see an explanation of why that particular port (465) should
> be used for mail when it has been assigned to another purpose.

Me.) Port 465 should be used because it's more secure
You.) Why do you believe it should be used
Me.) Because it's more secure
You.) I don't see an explanation of why you think it should be used.

Errr

> After all, should we use 995 for SSH?  That would be secure, too.

No idea what the point you're trying to make there is. Many services
(including gmail) offer an ssl on connect service on port 465 for mail,
for legacy reasons. I'm just saying, use it if you can. Running SSH on
port 995 really isn't irrelevant to that.

>>> I'd stick with
>>> 587 and 25 until such time as another mail port is assigned.  If you think
>>> that might take forever, you could try campaigning for it, I suppose.  Of
>>> course, if a campaign is successful, it might only take forever minus a
>>> year or two. :-)
>> I'll stick with 465 as long as it's supported so I get a completely
>> encrypted connection. Given a choice, why would you use 587 over Tor?
> 
>      Simply because it *is* a mail port.  I happen to want a smtps port,
> too, but one has yet to be assigned.  Stealing a port assigned to another
> purpose is not usually justified.

The Internet isn't that simple. People who provide a mail service can
run it on whatever port they want. They don't have to justify that
choice to anyone. Stealing doesn't come into it. It can cause
interoperability problems in certain circumstances. This isn't one of
them. I'm not talking in theoretical terms here, I'm discussing the
reality of the situation.

>>>> 4.) The "Use secure connection" account settings should never be "TLS if
>>>> available" as a mitm attack could stop you from negotiating SSL without
>>>> realising.
>>>> 5.) The "Check for new messages every" option could leak to the exit
>>>> node that it is the same client coming back, if you set it to an unusual
>>>> value like 17 minutes for example. Changing from the default should be
>>>> dissuaded.
>>>> 6.) If people use a Torified account alongside a non Torified account
>>>> (I'd make it advise people to use a separate profile). But if they
>>>> do that, then it needs to make sure the two accounts don't share the
>>>> same LDAP server.
>>>> 7.) Turn off return receipts and Junk filtering
>>>> 8.) For convenience rather than security, I'd make it automatically turn
>>>> on the options to download the full messages to disk.
>>>>
>>>> Oh. It would also be nice if you could add a list of keywords that
>>>> Thunderbird shouldn't allow you to send in an email, in case you
>>>> accidentally sign a message with your own name for example.
>>>>
>>>      Except for the aforementioned push to use the urd port for [S]SMTP,
>>> the rest of the above seem good to me.
>> Pragmatically speaking. 465 is going to be a service provided by many
>> mail systems for a long time to come, and it has clear advantages over
>> Tor compared to port 587.
> 
>      I guess that's sort of the old "possession is 9/10 of the law"
> attitude.  It may work, but also has unwanted consequences.
>> All I'm saying is, the implications of using one over the other should
>> be made clear to the user, so they can then make their own decision.
>>
>      100% agreed.  My concern is only over using a port for mail that
> is already assigned to another service.  There are lots of unused, secured
> ports (i.e., numbers < 1024) that could be reserved.  Actually, I have no
> real idea how much bureaucratic red tape and delay is involved in getting
> a port assigned to an obviously worthy function, so my pessimistic time
> estimates in my previous message are just my grumbling about bureaucracy
> in general.  Please forgive that.  But perhaps it's time to find out about
> getting a port properly assigned to smtps.  (I can imagine sighs of relief
> echoing around the world when the new assignment gets announced because it
> *has* been needed for a long time.)

Yes. It's an unfortunate situation. Nonetheless, the fact of the matter
is that for legacy reasons, there is an SSL on connect service running
for mail submission by many people, which, when combined with Tor is
better than using the "correct" port.

--
Dawn
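
Points 3 and 4 of the quoted list, as an added example that is not part of the original message: a small Python model of what an on-path observer (such as an exit node) sees from the client before encryption with SSL on connect versus STARTTLS, and of how a "TLS if available" setting behaves when the STARTTLS offer is missing from the EHLO reply. The EHLO replies and host names are constructed, and `parse_ehlo` and `plan_session` are hypothetical helpers, not any mail client's API.

```python
"""Added example: client TLS policy versus a missing STARTTLS offer."""

# Constructed EHLO replies in RFC 5321 multi-line format; names are placeholders.
EHLO_HONEST = "250-mail.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mail.example.org\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Return the set of extension keywords advertised in an EHLO reply."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    if not lines or any(
        not ln.startswith("250") or ln[3:4] not in ("-", " ") for ln in lines
    ):
        raise ValueError("not a successful EHLO reply")
    # The first line carries the server's domain; the rest are extensions.
    return {ln[4:].split()[0].upper() for ln in lines[1:] if ln[4:].strip()}


def plan_session(mode, policy, ehlo_reply=None, ehlo_name="localhost"):
    """Return (outcome, cleartext): cleartext lists what the client sends
    before encryption, i.e. what an on-path observer can read.

    mode:   "implicit" (SSL on connect, e.g. port 465) or "starttls" (587/25)
    policy: "required" or "if_available"
    """
    if mode == "implicit":
        # The TLS handshake comes first, so EHLO travels inside the tunnel.
        return "encrypted", []
    seen = ["EHLO " + ehlo_name]  # always sent in the clear before STARTTLS
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "encrypted", seen + ["STARTTLS"]
    if policy == "required":
        # Refuse to continue unencrypted; the user gets an error instead.
        return "aborted", seen + ["QUIT"]
    # "TLS if available": continues silently, so login and mail follow in clear.
    return "plaintext", seen + ["<AUTH and message in cleartext>"]


if __name__ == "__main__":
    for mode, policy, reply in [
        ("implicit", "required", None),
        ("starttls", "required", EHLO_HONEST),
        ("starttls", "if_available", EHLO_STRIPPED),
        ("starttls", "required", EHLO_STRIPPED),
    ]:
        print(mode, policy, plan_session(mode, policy, reply, "host1"))
```
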