Delivery-Date: Tue, 26 May 2015 19:36:35 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A445E1E13CA;
	Tue, 26 May 2015 19:36:33 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E89D034B8E;
	Tue, 26 May 2015 23:36:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B7145350BC
 for <tor-talk@lists.torproject.org>; Tue, 26 May 2015 23:36:23 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id lvtNF0vsrBeU for <tor-talk@lists.torproject.org>;
 Tue, 26 May 2015 23:36:23 +0000 (UTC)
Received: from lo.psyced.org (lost.in.psyced.org [188.40.42.221])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "lo.tobij.de", Issuer "lo.tobij.de" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 64DDD34FCC
 for <tor-talk@lists.torproject.org>; Tue, 26 May 2015 23:36:23 +0000 (UTC)
Received: from lo.psyced.org (localhost [127.0.0.1])
 by lo.psyced.org (8.14.3/8.14.3/Debian-9.4) with ESMTP id t4QNaXUZ002135
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
 for <tor-talk@lists.torproject.org>; Wed, 27 May 2015 01:36:34 +0200
Received: (from lynx@localhost)
 by lo.psyced.org (8.14.3/8.14.3/Submit) id t4QNaXIw002134
 for tor-talk@lists.torproject.org; Wed, 27 May 2015 01:36:33 +0200
Date: Wed, 27 May 2015 01:36:33 +0200
From: carlo von lynX <lynX@time.to.get.psyced.org>
To: tor-talk@lists.torproject.org
Message-ID: <20150526233633.GA1790@lo.psyced.org>
References: <CAD2Ti2-qdymrnM-nHqP2sVBYP=notY6sW54dQ1to-KTbkTEY4A@mail.gmail.com>
 <555E2BFC.6000709@rawbw.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <555E2BFC.6000709@rawbw.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Thu, May 21, 2015 at 12:03:24PM -0700, Yuri wrote:
> On one hand, Mailpile is after security, which is great. But on the
> other hand they use node which doesn't sign packages, therefore

What a shame! Somebody please fix this node thing. I can't
believe these nodejs enthusiastos are playing around with all 
kinds of crypto something javascript applications but build 
on top of a house of cards.

I still have plenty of criticism for SMTP and the idea of
doing PGP on top of SMTP but having the server run as a
hidden service from my own laptop gives this architecture
quite a legitimacy boost.

While with a mail system like Pond the few popular servers
can be deanonymized by confirmation attack, then taken over
by authorities and subdued to send traffic shaped messages
back to the users, thus slowly deanonymizing the entire
social graph of Pond users... SMTorP appears to me to be a
better idea.

With both send and reception points on the user's laptop,
an attacker that wants to inject a traffic shape into the
Tor network needs to take over the laptop itself. From my
understanding there is no other place on the network
where that sort of attack would be successful.

If that is true, that would be a great progress. Too bad
that the old problem of both having to be online at the
same time is re-introduced. We could have started using
Retroshare over Tor two years ago to achieve the same goal.
Retroshare looks a little less fancy than Mailpile, but
it doesn't need any pip or node.

Also Framstag's sendfile SAFT implementation can be a neat
quickfix solution. The server is easily pluggable into a
hidden service and provides for mail-like spooling of 
messages and native binary file transfers, without all
the overhead of e-mail.


-- 
  E-mail is public! Talk to me in private using Tor.
  torify telnet loupsycedyglgamf.onion		DON'T SEND ME
          irc://loupsycedyglgamf.onion:67/lynX  PRIVATE EMAIL
         http://loupsycedyglgamf.onion/LynX/    OR FACEBOOGLE
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

