<i>Mobile - Using PGP on a mobile device can be risky, as it requires storing the private key on devices that are likely to have known security issues. Many people recommend against it, as it puts the private key at too much risk.</i><p>ARGH. The whole point of PGP keyrings --- the costliest part of the PGP UX --- is that you don't have to have a single key. If you're terrified of exposing your secret key on your mobile device (which is frankly the most secure device you own), just cut a new key for it.<p>Any time someone suggests a new application for PGP, people come out of the woodwork saying things like "what, you want me to put my PGP key in my <i>browser</i>?" No. We want you to put --> <i>a</i> <-- PGP key there.
While the spirit is laudable—I'm not sure if there's an 'e-mail security' version of <a href="https://craphound.com/spamsolutions.txt" rel="nofollow">https://craphound.com/spamsolutions.txt</a>, but, if there were, then I'm pretty sure that one of the reasons for failure would be "You are a private individual announcing that you will be rolling out a new standard for e-mail in a couple of weeks".
OK, I'll bite. This is a good post - I am negative on your ability to pull this off, but it's a worthwhile discussion to have IMO.<p>* Totally anonymous (i.e. no metadata trail) communication seems impossible / impractical. If everywhere is Tor then we massively increase traffic (not to mention the trustworthiness of "everyone" is a lot lower per unit than everyone currently running a Tor node).<p>Anyway, even if an encrypted anonymous message arrives for me, just working out who it's from without any metadata seems a complex web of double decryption.<p>I do struggle with how anonymity is going to solve all problems with totalitarian states. In the end we need to solve this in the real world of politics and execution squads so we don't mortally worry about letters or emails being read.<p>* There is a lot more here than my tired brain can handle - but my main concern is a simple human one.<p>- If secure anonymous comms is "impossible", then I could see levels of secure encryption (sent from my iPhone, sent from my PC hardwired at home that has a secure USB boot on my key ring). But this idea demands that as the recipient I work hard to determine from context if the message is secure - aha, it's 11pm in the UK and Adam just mailed me a secure note saying we should give everyone an Owl. Chances are high he is pissed and his mates sent it.<p>Once technology stops helping us make those decisions it's kind of pointless - "may as well just keep sending clear text" is not an irrational stance.<p>I'd be interested in the discussion in the morning - cheers.<p>* Lastly - what email client do you guys use that allows GPG on mobile?!<p>Edit: clean up
The title "The Sinking Ship of E-Mail Security" implies there once was security but there never really was. For the most part, email is more like a postcard than a sealed letter.
From a quick look around, it looks like the best bet on asynchronous forward secrecy that doesn't rely on a (highly) trusted server (one that e.g. shares a secret with every sender and receiver, Kerberos-style) is something along the lines of "The Text Secure Protocol"[1].<p>No reason why this couldn't be bolted on top of email (send the actual message as an attachment like with PGP/MIME). It would probably create a new set of metadata (requests to the recipient's "half-key" service/server, locating which could be delegated to SRV records or something similar, with domain derived from the email address) -- but I'm not aware of any other schemes for generating ephemeral keys in a reasonable manner compatible with (semi)asynchronous communications.<p>It does seem like "true" off-line message composition wouldn't be possible (the email client (or client service) needs to go online in order to encrypt/pack up the final message. This means that drafts/messages "in transit" would be possible to recover from the sender's device in the case of e.g. several mails being written on a flight w/o net access, and a search/seizure before mails could be encrypted to the receiver).<p>All in all, this sounds like a tricky problem... Anyone know of any recent bright ideas in the field of PFS for asynchronous messaging?<p>[1] <a href="https://whispersystems.org/blog/asynchronous-security/" rel="nofollow">https://whispersystems.org/blog/asynchronous-security/</a>
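The prekey-style asynchronous exchange this comment points at, as an added illustration that is neither code from the thread nor from TextSecure itself: the recipient publishes an identity key plus a batch of one-time "half-keys" to a server, the sender fetches one while online, and both sides discard the per-message secrets. It assumes a toy DH group, a dict standing in for the half-key server, an XOR pad in place of a real cipher, and omits the sender's identity key and the signatures on prekeys that the real protocol has; the `send` step is also where the "cannot finish a draft offline" problem from the comment shows up.

```python
import hashlib, secrets

# Toy DH group (Mersenne prime 2^127-1, generator 2): far too small for real
# use, chosen only so the exchange runs instantly with no external libraries.
P, G = (1 << 127) - 1, 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv, pub):
    return pow(pub, priv, P).to_bytes(16, "big")

def xor_with_key(key, data):  # demo cipher: pad derived from the shared secrets
    pad = hashlib.sha256(key).digest()
    assert len(data) <= len(pad), "demo cipher handles one short block only"
    return bytes(a ^ b for a, b in zip(data, pad))

SERVER = {}  # addr -> (identity pub key, queue of (id, one-time prekey pub))

def fetch_prekey(addr):
    ik_pub, otpks = SERVER[addr]
    if not otpks:
        raise LookupError("recipient out of one-time prekeys")
    return ik_pub, otpks.pop(0)  # each one-time prekey is handed out once

class Recipient:
    def __init__(self, addr, n=2):
        self.ik_priv, self.ik_pub = keypair()
        self.otpk, pubs = {}, []  # prekey id -> private half; dropped after use
        for i in range(n):
            self.otpk[i], pub = keypair()
            pubs.append((i, pub))
        SERVER[addr] = (self.ik_pub, pubs)
    def receive(self, msg):
        pk_id, eph_pub, ct = msg
        otpk_priv = self.otpk.pop(pk_id)  # KeyError on replay: the key is gone
        return xor_with_key(dh(self.ik_priv, eph_pub) + dh(otpk_priv, eph_pub), ct)

def send(addr, plaintext):
    # Needs the network: fetching a prekey cannot happen offline, so unsent
    # drafts stay recoverable on the sender's device until this runs.
    ik_pub, (pk_id, otpk_pub) = fetch_prekey(addr)
    eph_priv, eph_pub = keypair()
    ct = xor_with_key(dh(eph_priv, ik_pub) + dh(eph_priv, otpk_pub), plaintext)
    del eph_priv  # sender retains nothing that re-derives the message key
    return pk_id, eph_pub, ct

def demo():
    bob = Recipient("bob@example.org")  # constructed sample address
    msg = send("bob@example.org", b"constructed sample message")
    first = bob.receive(msg)
    # The prekey used is gone from both sides, so the ciphertext can't be reopened.
    return first, msg[0] in bob.otpk, len(SERVER["bob@example.org"][1])
```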
This has really got me thinking about an architecture I had not really considered before, so forgive the obvious in this - it's partly aide-mémoire and partly a contribution to OP.<p>- Goals of the "new email" should presumably be to reduce the ability of state actors and major comms providers to collect sufficient metadata to conduct mass surveillance for tyranny or profit.<p>As such we can try either<p>- vast citizen-owned mesh networks (i.e. every smartphone is an ISP)<p>- anonymity over traditional large ISPs / backbones<p>Anonymity is hard. We <i>could</i> encrypt the entire message and then round-robin decrypt each incoming message; this would cripple all metadata apart from the TO: field and mean any listener would need to own most entry points to catch the first uptake. It seems difficult - webs of trust, guessing the encryption key.<p>Add in other constraints - all messages in transit and at rest are encrypted - Gmail becomes no more than S3 - and we see the end of free email, and weirdly a return to POP3 as the client must store all my mail.<p>If this does exist however, why restrict it to emails - every message format seems similar - MQ and Facebook can all go this way.<p>Mesh networks have even greater barriers to uptake ...
I've thought a lot about this and so far the solutions I've seen put forth (e.g. Flowingmail, Bitmessage, for starters) don't seem likely to get any widespread adoption, and that can be the death knell of anything like this that relies on network effects. Hell, I can't even get people to send me a PGP key <i>even when I refuse to send them important documents without one</i> (they just say they're going to send me one later, then forget about ever getting the document they wanted). It's really not that hard to generate a PGP key, but even motivated people don't do it.<p>My immediate intuitions are that 1.) this is a very hard problem to solve and 2.) if it's going to be solved in any reasonable amount of time, it needs to be bootstrapped into existing, popular methods of communication (such as e-mail). Adding some sort of PKI into the existing e-mail spec would probably be a good start, since it's just not something that people are used to dealing with.
I think of email like a postcard. It's addressed to me, but anyone can read it if they snoop in my mailbox. I don't expect it to be really secure, and I don't do anything that requires real security via email. Simple enough.
Email security is really bad. We have a lot of companies trying to roll out "secure email" every week.<p>There are a ton of problems to solve before one of these actually works, JavaScript crypto being the least (since HN likes to discuss it...). Backwards compatibility with old email protocols and insecure services is clearly a weak link in any hypothetically secure service.<p>It would be nice to see a more distributed protocol... where the bulk of the world's email is holed up in a few companies' data centers.
Pond (<a href="https://pond.imperialviolet.org/" rel="nofollow">https://pond.imperialviolet.org/</a>) seems to hit some keywords you mention.
I am always scared that if I start signing my emails (the least I can do) they might start looking weird to my friends, family, and colleagues. They may even think that the block of gibberish may be spam. I do like my KDE KMail client which masks the signing information and presents signed and unsigned messages in a sane way.
I would suggest taking a look at I2P-Bote. Although I haven't had it installed for a year at least, I2P-Bote seems to be a slow-moving project, with lots of features TBD, but it does hit all the keywords.