[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]



I'm not trying to offend anyone. I was talking about broadcast everything systems in general. Bitmessage is a fine implementation of the broadcast everything paradigm. I'm looking for an
intermediate between broadcast everything and SMTP-over-Tor.

My proposal is essentially: servers form a DHT. Users store their keys in the DHT by key id. The key record also has some additional metadata including where the user wants to receive messages. For short messages, the message is stored in the DHT by its hash. Each user also has a few hash values they check to get message announcements. Senders post an announcement to one of those values at random. Message announcements point to message data.

People who want to be anonymous can connect to any server over Tor, and post or request hash values to/from the DHT. An attacker would have to have Tor compromised and also have that particular server compromised to break someone's anonymity. It's not as anonymous as broadcast everything, but it's better than SMTP over Tor or webmail over Tor.

Using the DHT it is also possible to look up a user knowing only his email address, and then verify the key id. And people who want to exchange big files can get an account on a server, in which case the data is stored in 8MB blocks with no maximum size. People who need to distribute big files pay for the server capacity, and small anonymous messages free-ride, with
a proof of work to prevent spamming.

Mike

>This is pretty similar to receiving a Usenet feed in the old days, and
>downloading all the messages so as to receive a few encrypted ones. That
>makes for the best recipient privacy, at the cost of bandwidth. From
>what I can tell, Bitmessage basically automates that process.

No, not "Bitmessage", but "the specific use-case for a feature that I
happen to understand and mentioned on this list."

> If it
>moved beyond the Darknet Markets crowd, success would kill it or at
>least require compromising the broadcast-everything rule.

I'll just ask you straight up-- are you talking about broadcast-everything systems in general, or are you giving an assessment of Bitmessage's design and implementation based on (at least) a thorough reading of the 5 page whitepaper?

(Confidential to cryptography list lurkers: IMO we have plenty of Ben Lauries
at this point, and could use a lot more Hal Finneys. :)

-Jonathan

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk