[guardian-dev] looking for comments on secure email v2

elijah elijah at riseup.net
Tue Feb 25 12:26:04 EST 2014


On 02/23/2014 11:33 AM, Tim Prepscius wrote:

> So I'm writing a new version of mailiverse...  I'm looking for some
> comments on specific design decisions.

please see my draft report on the 'state of art' in secure email projects:

https://github.com/OpenTechFund/secure-email

scramble.io is probably most similar to your goals, maybe try to join
forces?

If I were to try to do webmail, I would do it this way:

(1) ensure it had support for CORS or postMessage so that code was
loaded from a different site than the data. In think going down the
browser app path is madness, because they you must trust google
entirely. If you don't trust the CA cartel, then use public key pinning
& HSTS.

(2) use a generic encrypted synchronization library for html5 apps like
https://crypton.io (which was just audited by zooko et al)

(3) wait a year for webCrypto api to be deploy by all major browsers so
that it is not folly to try to generate keys in javascript in the browser.

Ultimately, I think the only way to get the security properties that we
need today is to require some kind of custom app be installed. I could
be wrong, but it hard to imagine the browser becoming a secure computing
environment anytime soon. If you are willing to contemplate a custom
app, we would love your help at LEAP (https://leap.se/email).

> I will not run a service.  Everyone runs their own.

As someone who has 13 years experience in helping to run an email
service, you can count me in the category of people who think that
self-hosted email is never going to happen. My analysis is spelled out
in detail here:
https://github.com/OpenTechFund/secure-email#self-hosted-email

On 02/24/2014 09:59 AM, Hans-Christoph Steiner wrote:

> If a native backend is a possibility, I think you should
> use sqlcipher as your backend storage.

This is what Soledad does (LEAP's client-encrypted synchronized
searchable document database https://leap.se/soledad). the local
database is block encrypted using sqlcipher, and synchronized on a
per-document basis, with each document encrypted with its own key and
given a random document id (in a manner that prevents replay attacks by
the server).

-elijah



More information about the Guardian-dev mailing list