On Thu, 06 Dec 2012 18:10:52 +0100 Udo van den Heuvel <udovdh@xxxxxxxxx> wrote: > What type of software would be good to work as a hidden service on a > tor-node to provide something like hushmail functionality? On the backend you just need a normal mail server, e.g. Postfix, exim etc. Assuming you're wanting to provide a webmail interface, that's where the hard work is, and I'm not sure you're going to find anything off the shelf that fits the bill for the reasons given below. > People can use this to anonymously post encrypted mails to each other. This is harder than it sounds because... > Even the admin cannot read the posts. For this guarantee to be plausible, all crypto operations need to be performed client-side and in a manner that cannot be readily compromised by the server. GPG encrypting stuff on the server isn't going to cut it. Hushmail is known to have complied with court orders to release plaintext emails; this wouldn't have been possible if there wasn't a backdoor inherent in the design. You need to get your head around why that is before even considering implementing anything, if you want people to trust your service. > I could dedicate a few GB's to this idea. If it's open to the world, you may wish to dedicate a few PB once the spammers become aware of it. If not, you need to devise a mechanism to restrict signups without compromising anonymity. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012@xxxxxx>
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk