> PFS for message objects, as the description above suggests, is far more difficult, and contrary to the nature of email.
It recommends just rotating public keys every few days with a paranoid mode. A much better solution is to implement the Axolotl Ratchet pioneered by Open Whisper Systems for TechSecure:
I also get the feeling from a glance reading the spec that way too much trust is being placed on service providers. That there is even such a category as "trustful" where the server has access to your private keys is a huge red flag and that was exactly the problem with lavabit: http://www.thoughtcrime.org/blog/lavabit-critique/
Adam Langley's Pond uses it, but I don't know why there hasn't been any progress on that lately. Is the Pond design just too complex/difficult to implement with a good UI, or just because of his lack of time?
I don't really understand why people are trying to reinvent something that has already been figured out. That kind of NIH behaviour is absolutely lethal in the world of cryptography.
Is "Dark Mail" going to be the official name? I am no marketing expert, but I am pretty sure it's not a good name. People associate darkness with negative feelings, thus a lot of people might start thinking that encryption is for hiding "illegal" things, and not for keeping privacy.
And please, don't even try using the silly X.0 naming, as some tech-ignorant journalists started doing over a decade ago.
Besides the naming thing, I wish them the best, as I hope that this will spread and become a new standard, even with the masses.
3 of 5 comments so far mentioning that the name is a mistake. Allow me to make that 4 of 6. Come on guys, authoritarians are going to argue that this is just about defending criminals and terrorists, do you want to make that argument for them?
Call it 'Liberty mail' or something.
Sadly, I completely agree with this. From a wider public relations perspective beyond the realm of hackerdom calling it "darkmail" hands an easy propaganda win to the authoritarians.
Instead of dark scariness emphasise safety, security, protection, freedom, etc.
Not necessarily. Bike shedding refers to arguing about trivial issues. Naming can have a huge impact on how something is perceived so I wouldn't call it trivial.
How many regular users have ever heard of terms like IP, TCP or HTTP? Arguing about naming is the very definition of bike shedding and of course it is trivial.
The spec is pretty intense, I think the first thing to work on is better high level documentation and overview. There is a lot going on with how this proposed system formats, encrypts, signs, routes, and validates.
I've only glanced over less than half of the spec so far, but I'm not convinced of the design just yet. For starters, I'm not sure I fully understand the trust model, or even the baseline limitations on things like one-to-many emails, key exchange, PFS. Before jumping straight into packet formats and field layouts, I want to read more about the basic operational model.
I watched Citizenfour yesterday and one of the really disturbing parts of movie was Lavabit founder talking at European Parliament about why he had to shut it down. I am glad that something good is coming up.
But can we please change name from 'dark' to something like 'secure, encrypted etc'? Dark inherently sounds negative, at least in my part of the world.
He had to shut it down - but as far as I remember, they got the SSL key anyway. None can tell me that providing it in a font size of 4pt would have stopped them. I think that typing 2560 chars is not that hard.
I don't think email encryption will ever be more widespread than it is today. People simply don't care, and even those few that can be convinced to use it will invariably do something that invalidates the whole exercise like bring their key to a public library, use it on their phone, resend the entire conversation in plain text accidentally, lose the key and generate a new one with you having no way to verify that it's not actually mitm, etc. All of this has happened to me.
that's because they think email is already private. They don't understand that it's the electronic equivalent of printing their conversations on billboards and hope nobody will actually look at them. As soon as you demonstrate with a simple sniffer, they are outraged.
We just need "Firesheep for email" and then demand for privacy will explode.
Even after the Sony hack, people don't realize things like their work email isn't really theirs, or email isn't private. If that wasn't a good enough catalyst, I can't imagine what it will take to cross this threshold.
We don't need the general population to understand email security - they use what's available/provided and it'll have to be easy enough that it works in practice. Once there's a viable alternative and financial liability is tied to the pretense of email being secure, suddenly we'll change to the new system.
What's interesting is that it's only liberty minded tech people working on the problem. The next email system will be tailored to protect the user because that's what the designers care about, rather than the interests of other organizations, for example serving legal papers electronically.
The point of DIME is to get providers to implement it, though. The power of defaults is pretty strong. Even just having a icon to click on every message is orders of magnitude better than having to set up PGP.
So who will be able to use this wonderful protocol?
Because I don't think it will be available on gmail(or any other big provider). How it isn't going to end like a pgp right now, when I can sent encrypted emails only to myself, because no one in my circle uses encryption?
I think you are pretty close to getting it right. This spec is Dead on Arrival. This spec will never get traction in a large corporate environment. Primarily because the business has a need to monitor and archive employee emails. As a result no large corporation will ever adopt end to end encrypted email as a standard.
While in the consumer arena Gmail and other ad / user profile supported business' will never adopt this as it limits their access to valuable user data.
I'd love that e-mail encryption became widespread, but I'm doubtful that it'll ever happen. I think keeping private keys private may prove to be an impossible task. Systems are too insecure. Even security experts may fall victim to sophisticated attacks. Let alone the other 99.9% who are not security experts.
Any security measure you take can only make attacks harder. If you have a really determined adversary nothing will protect you forever. Compared to the current status quo e-mail encryption even if the private keys are only kept moderately private would be a huge improvement.
I truly wish them all the best with this project. It would be a momentous win for privacy to have email encrypted by default and easy enough for the general public to use and that is no easy task. Will be interesting to see how this plays out and if they can get some quality email companies like Fastmail onboard early on.
I wouldn't trust anything with the word 'trust' in it. My assumption is that if you have to put some quality in a name (like, say, QualityCircle), then the name is about all of that quality there is in the product.
.info domain, SSL cert but no HSTS, email list subscription posts to non-SSL endpoint, empty forums. Is this real? WHOIS info appears real and it's over a year old, but still...
Who cares what the name is? End users aren't going to see it anyway... Bittorrent has a completely neutral name, yet it didn't stop it from getting a bad rep with people who don't know better, and that bad rep hasn't stopped it from being hugely successful.
The chances of this project succeeding or failing has nothing to do with the name. There are much bigger barriers which they need to overcome.
No reason not to use the same tactics the government uses. Patriot Act? Ha. This frames any attempts to thwart the security by the government as anti-freedom. The "liberty mail" recommendation in here was good too :D
https://news.ycombinator.com/item?id=8821847