Re: [tor-talk] Secure email with limited usable metadata

> Thank you for raising this topic once again. Toying with the idea of
> "better" email for quite some time, I think there's direct and practical
> things you can offer,
> > i was thinking about pointing the mx record of the tld to a mail 
> > server that is shared with other individuals. the server
> > is configured to drop incoming non-tls smtp connection from other
> > mail server. On a per account basis, every message that is not
> > encrypted to the public pgp key of the address is dropped, too.
> > users use pop3/smtp over a hidden server to download/send messages.
> See https://github.com/moba/pgpmilter for a small prototype script that
> rejects non-PGP mail. Exim seems to have the configuration option for
> that somewhat built-in.
> I'd go further and forward mail from the mx to hidden services
> configurable by the user.
is torservers.net able and allowed to run this hidden service? a trusted organization is needed to run web-tor relay and hidden service.

> > if inbox size is limited to a few mbs
> I'd maybe want to limit the amount of email a user can *send* in a given
> time span.
right, 20 mails a day will do. the service does not need to be free.

> > any cheap vps
> I would not want to use VPS for a service like this.

> > a trusted umbrella organization is needed 
> Working on something like it.
your effort is very much appreciated.

> > is the tor project or torservers.net interested in running
> > such a service?
> Torservers.net is currently a project under a German non-profit. In
> Germany, every email provider with more than 10k users has to provide
> lawful interception.
> See
> https://www.bundesnetzagentur.de/SharedDocs/Downloads/EN/BNetzA/Areas/Telecommunications/TechTelecomsRegulation/TechImplementIntercepts/02EUenTRTKUEV62August2012pdf.pdf
how did privacybox.de get around that?

> I'd like to see a full design for it first, and then the components, and
> the configuration for each component, so this is easy to set up and
> replicate by anyone. For example, how do I configure Postfix to relay
> certain incoming mail to a configured hidden service, how do I make it
> so it only rejects non-PGP mail for some accounts, etc.
i am not capable of coming up with this system on my own. anyone else in on this? Jake? codeman?

what about enforcing tls so metadata is reduced? this violated RFC 2487. we are living in dark and dangerous times. maybe two relays could be used, one requiring tls one does not.
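
Added example, not part of the original thread and not pgpmilter's code: one way to express the per-account "reject non-PGP mail" decision discussed above. The `ENFORCED` set, the function names and the sample messages are hypothetical and constructed; the check looks only at message structure (RFC 3156 PGP/MIME or a single inline armored block) and does not verify which key the ciphertext is encrypted to.

```python
from email import message_from_string
from email.message import Message

ENFORCED = {"alice@example.org"}  # hypothetical accounts that opted in
BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def is_pgp_mime(msg: Message) -> bool:
    """RFC 3156 shape: multipart/encrypted with a control part and a payload part."""
    proto = msg.get_param("protocol")
    if msg.get_content_type() != "multipart/encrypted" or not isinstance(proto, str):
        return False
    parts = msg.get_payload()
    return (proto.lower() == "application/pgp-encrypted"
            and isinstance(parts, list) and len(parts) == 2
            and parts[0].get_content_type() == "application/pgp-encrypted"
            and parts[1].get_content_type() == "application/octet-stream")

def is_inline_pgp(msg: Message) -> bool:
    """A single text/plain body that is exactly one armored block, nothing around it."""
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return False
    body = (msg.get_payload(decode=True) or b"").decode("ascii", "replace").strip()
    return body.startswith(BEGIN) and body.endswith(END) and body.count(BEGIN) == 1

def decide(rcpt: str, raw: str) -> str:
    """SMTP-style reply for one recipient; other accounts keep normal delivery."""
    if rcpt.lower() not in ENFORCED:
        return "250 accepted"
    msg = message_from_string(raw)
    if is_pgp_mime(msg) or is_inline_pgp(msg):
        return "250 accepted"
    return "550 5.7.1 recipient accepts only PGP-encrypted mail"

# Constructed sample messages (armor bodies are placeholders, not real ciphertext).
HDR = "From: bob@example.net\nTo: alice@example.org\nSubject: x\n"
ARMOR = BEGIN + "\n\n(constructed placeholder)\n" + END + "\n"
PLAIN = HDR + "\nhello in cleartext\n"
INLINE = HDR + "\n" + ARMOR
QUOTED = HDR + "\nforwarding this:\n" + ARMOR  # cleartext wrapped around armor
PGP_MIME = (HDR + "Content-Type: multipart/encrypted;"
            ' protocol="application/pgp-encrypted"; boundary="b1"\n\n'
            "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
            "--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + "--b1--\n")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("inline", INLINE),
                      ("quoted", QUOTED), ("pgp/mime", PGP_MIME)]:
        print(name, "->", decide("alice@example.org", raw))
```

Headers such as From, To and Subject stay in cleartext in every accepted case, so this policy protects content only, not the metadata the thread is concerned with.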
