
Re: [tor-talk] Basics of secure email platform



> I like to start a conversation about secure email provider... If I
> start new email provider now, how to guarantee security and privacy
> for user?

Before becoming a secure e-mail provider, first you should understand
how users can best protect themselves.

Users should not relay outbound messages to someone else's SMTP server.
That's needless leaking.  They should run their own mail server.

From the standpoint of a *user* running their own mail server--

Ideally, when a mail server sends a message, it takes the most secure
path first, and downgrades the security as needed until the message is
sent.  This means it should make attempts in this order:

  1) Create a list of tor exit nodes that do not block port 25
  2) Command the tor daemon to exit those nodes exclusively.
  3) Send the message SSL over Tor, direct to the recipient's mail server.
  4) If that fails, SSL without Tor direct to the recipient's mail server.
  5) If that fails, send in the clear direct to the recipient's mail server.
  6) If that fails, send in the clear to the recipient's mail server
     via non-blacklisted relay.

Postfix is too limiting to be able to handle the above job.  This is
the *real* problem for tor users.  If you want to work on a project to
improve users' e-mail security, work on the tooling problems.

If you're really determined to simply be just another e-mail provider,
examine hushmail.com, countermail.com, and safe-mail.net first.  Those
providers are on the right track, because they give a means for
novice users to have end-to-end encryption.  Darkmail is also
something to keep an eye on.

> Do not host in U.S. is obvious but what more?

Also make sure the owner is not a U.S. citizen.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
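
The sending order listed in the message above, sketched as an added example that is not part of the original post or of any existing mail server. All function names, rung labels and sample policies are constructed for illustration; the actual network send is left to a caller-supplied function, and the list from `usable_exits` is what step 2 would hand to Tor's `ExitNodes` option.

```python
# Added illustration: names and sample data are hypothetical/constructed.
from typing import Callable, Dict, List, Tuple

def allows_port(policy: List[str], port: int) -> bool:
    """First-match check of exit-policy lines such as 'reject *:25'.
    Simplified: reads wildcard-address rules only; no match means unusable."""
    for rule in policy:
        action, target = rule.split()
        addr, portspec = target.rsplit(":", 1)
        if addr != "*":
            continue
        if portspec == "*":
            lo, hi = 1, 65535
        else:
            first, _, last = portspec.partition("-")
            lo, hi = int(first), int(last or first)
        if lo <= port <= hi:
            return action == "accept"
    return False

def usable_exits(exits: Dict[str, List[str]], port: int = 25) -> List[str]:
    """Step 1: exits whose policy lets traffic leave on the given port."""
    return sorted(n for n, pol in exits.items() if allows_port(pol, port))

# Steps 3-6, strongest first: (transport, route).
LADDER = [("tls+tor", "direct"), ("tls", "direct"),
          ("clear", "direct"), ("clear", "relay")]

def deliver(exits: List[str],
            send: Callable[[str, str, List[str]], bool]) -> Tuple[str, List[str]]:
    """Try each rung in order; return the rung that succeeded plus the rungs
    that failed before it, so a downgrade is recorded and never silent."""
    failed = []
    for transport, route in LADDER:
        rung = f"{transport}/{route}"
        if transport == "tls+tor" and not exits:
            failed.append(rung + " (no usable exit)")
            continue
        if send(transport, route, exits):
            return rung, failed
        failed.append(rung)
    return "undelivered", failed

# Constructed sample policies; keys stand in for relay fingerprints.
SAMPLE_EXITS = {
    "exitA": ["reject *:25", "accept *:*"],
    "exitB": ["accept *:25", "reject *:*"],
    "exitC": ["reject *:1-1024", "accept *:*"],
    "exitD": ["reject 10.0.0.0/8:*", "accept *:20-30", "reject *:*"],
}
```

Calling `deliver(usable_exits(SAMPLE_EXITS), send)` with a `send` stub that only succeeds for plain TLS returns `tls/direct` together with the failed `tls+tor/direct` attempt, which is the record an operator would log to see how far a message was downgraded.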