[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: xB Mail: Anonymous Email Client



Hello Arrakis
 
thanks for this idea and software. Many replies already in the archive of or-talk.
Some suggestions.
 
I would devide the license question
a) we need an open source GPL email client, which sends only PGP encrypted email
b) we need an underlaying mix network with outproxies, which is could be another license maybe.
(as the mail is encrypted, then no matter which outproxy is used, if open soruce trasnport or not).
The mixing network is hiding the original IP adress. Tor or mixmaster or i2p with recoded outproxies for one port for mail.
 
There are 3 similar projects, which should be considered:
 
NUNTIUS LEO EMAIL
http://nlcreator.sf.net
is developing a Qt Email client, which is sending PGP encrypted emails.
 
RetroShare Email Client
http://retroshare.sf.net
QT as well and has PGP Key pair encrpyted Messaging, instant and offlline.
The offline mail is queued until both clients are online for a handshake. So currently @-mail is not possible, as it is serverless.
 
-> Merge: As retroshare uses XPGP key currently, and a change is soon done to PGP keys, it is a good idea to add Nuntius Leo Email client as well to RetroShare Gui as integration or as a plugin.
 
So the basic concept is, to have an adressbook, which pre-defines your Friends or Mailadresses.
In one Email client, which is based on PGP Keys, you need to swap with your mail-partner the key.
That is no lack, as you can send your PGP key as well over one first unencrypted email (into one special folder for approval it arrives).
But I think it is better encryption is you have no end to end encryption but swapping keys.
Mailinglists then need to be redefined, as you need from each participant the key, tha could be done as well over one first approval/joining email, which all participants sign.
 
Third there is SIMPLE-MAIL as a Firefox addon
https://addons.mozilla.org/en-US/firefox/addon/5593
Telega is the author and is currently coding a XUL gui for retroshare instant messenger, you find it here:
http://retromessenger.sf.net
This library is currently not open source, but the auther may think about that.
XUL allows as well a standalone application.
 
The idea, to join as well in XUL a mail client with PGP keys and the libretroshare Instant Messenger is already placed.
 
You see, 2 Projects, on its way bringing online and offline communication together, both based on PGP keys.
 
That is why you should be compatible to PGP key exchange. Does FirePGP provide this?
Please answer, if you are interested in one or the other project to join the acting persons and projects.
 
 
If one of that projects has been done, it allows, to send PGP email out of the box and maybe as well there is a RELEASE email client, which allows ONLY to send PGP emails (excapt the one incoming folder for approval mails with the PGP key of users, which want to connect to you).
 
 
If THAT is done, then the project needs an underlaying network to maybe spoof the IP adress by a mixing cascade.
It would be good, to have that seperated, so that as well other applications use that mix network,
So that is tor or i2p.
Mixmaster dunno who set those nodes up?
 
Do you really think, mixmaster has enough nodes? Do you really think that a tif-for-tat model is good, so that each one running the PGP-Email-Client should be as well at the same time an Outproxy for other mails? No..
 
And: Regarding webmail: I want an email client, With Tor it is already possible to surf to webmail accounts.
What we need is an email client, so either simple mail, which needs a join and an adresses idea to be made open source, or either Nuntius Leo email client.
 
Do you really want to make a new proxy network only for email-mixture?
More important is to have an GPL open source email client, which is sending by default only PGP-key-Encrypted emails to pre-defined recievers. The mailinglist problem and approval problems are just a question of precesses and approval culture.
 
Then the underlaying network:
Tor is a good idea, if there are enough outproxies.
Otherwise i2p could get an addon in java, to have mail-outproxies only.
third model would be a mixmaster code integrated into the email client, so that each one is an outproxy, but then please consider, that it needs to be PGP encrypted email, so that sending only to-pre-defined recievers is possible, otherwise the outproxies would not be established, and on the other hand: All mails MUST be PGP key encrypted, so that the Outproxies cannot read them,
 
So ideally a good way is to start with retroshare/retromessenger over Tor, to have this online communication established, later then the Nuntuis leo or Simplemail client is ready to be added for serverbased-@-mail.
 
RetroShare itself has played around with i2p, as it solves some internal connection problems, but that was one year ago and now they are solved over STUN. So choose Tor  or Mixmaster, to Spoof the IP adress for offline and online messages.
 
Thanks for a feedback, how you go on
 
Regards Max

 
On 8/20/08, Arrakis <arrakistor@xxxxxxxxx> wrote:
I am writing an anonymous email client. The main
delay has been getting it compatible with the xerobank
installer so that it automatically downloads mail
credentials and creates the secmod/key3/cert8 PKCS11
databases and performs automatic encryption of the
user credentials, locking it with the users' PIN code
as the master password.

The design idea is to use an anonymous email server
/ service, or to take any freemail provider and turn
it into an anonymous account (assuming a clean acct).

So I decided while I picked up a cold at defcon that
I would sit down and finally finish it. It works.

It is built using Mozilla Thunderbird. It will contain
the Enigmail extension, and a self-contained GPG
distribution. It will probably also contain NoScript
because it has an html renderer inside it. The program
already has a built-in auto-updater from xerobank that
will download and install it's own PGP signed updates.
The enigmail will be configured to use 5+ keyservers
such as mit, sks, pgp, etc.

The threat model includes content and context obscurity.

Where this meets Tor and anonymity is the question. It
is my intention to filter by protocol, blocking all
communication that is not using either SSL or TLS. Are
there any other considerations we should have, other
than blocking updates? Should we force OCSP and cert
revokation checking? Is there any reason we shouldn't
include the CACert root certificate? Should we scrap
Tor and make it use mixmaster? Should we force users
to create/import PGP Keypairs?

The more I understand email threats/issues over Tor
the better. I am aware that there are only occasionally
any exit servers allowing port 25, but if we are
forcing SSL/TLS, then it won't matter what port they
pick. So any preferences for extensions and behavior are
welcome.

Suggestions will be used to craft an opensource software
released under TESLA license which prevents malware /
spyware additions, and unauthorized modification for
the purpose of commercial profit.

This program will be completed today, and ready for
testing tomorrow, so the sooner I get comments the
better.

Arrakis