[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Basics of secure email platform
On Sat, Aug 10, 2013 at 3:39 PM, Jerzy Åogiewa <jerzyma@xxxxxxxxxx> wrote:
> I like to start a conversation about secure email provider
> If I start new email provider now, how to guarantee security and privacy for user?
> Understanding limitation of email of course!
Within the existing email standards and limitations the world uses today...
Mail services cannot guarantee this, only the user can, and every service
that tries to take/manage responsibility for the user's cleartext body is
both lying and a failure waiting to happen. The user cannot trust any code
provided by the service or give any secret key material/access to the service.
They must encrypt on their own locally with OpenGPG, EnigMail etc and
then insert the output into the mail transport.
> Is there some "best practice" for secure email service?
> Do not host in U.S. is obvious but what more?
The only thing a mail provider can do is apply privacy centered systems
best practice. Logs, crypted transport, access, location, policies, peering
with other mail services, etc. Because almost no one does this, there is
lots of room for new providers to get these basic things right. And the
demand for it just went up.
If you get that right, and if the user encrypts, then only the delivery metadata
remains as unfixable. Unless you hold a kill switch and burn the spool keys
when things get spooky.
> Lavabit method was it seems not enough.
We don't know enough about the case to say yet what it was or wasn't
'enough' to be up against.
We do know the system required the user to trust the service with key
material (passphrase), which yields failure every time.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk