The DarkMail Alliance

Joshua Cranmer 🐧 Pidgeot18 at gmail.com
Fri Nov 1 03:40:14 UTC 2013


On 10/31/2013 9:54 AM, Gervase Markham wrote:
> The founders of Silent Circle and Lavabit, two email vendors who shut
> down their services in the face of US compromise pressure, have founded
> the DarkMail Alliance:
>
> http://darkmail.info/
>
> http://silentcircle.wordpress.com/2013/10/30/announcing-the-dark-mail-alliance-founded-by-silent-circle-lavabit/
>
> (And https://bugzilla.mozilla.org/show_bug.cgi?id=933155 , although this
> bug seems somewhat premature.)
>
> Details seem very sketchy. But I regularly come across more reasons why
> email needs rearchitecting from the ground up[0] and it could be that
> the Snowden revelations are the trigger necessary to do it. Particularly
> if they can come up with a gradual migration path, such as advertising
> support in traditional email headers so that remote clients and servers
> can switch seamlessly.

I have to ultimately reserve any judgement until I see even high-level 
description of details. Automated email security, even if you cast away 
the framework of Internet email, is extremely difficult if not 
impossible, in large part due to difficulties in authenticity and trust 
models. It is made more problematic when you consider that a substantial 
fraction of users have their email provider (presumably untrusted) be 
the same as their email client (presumably trusted), and when you 
consider that major features of modern email implementations rely on 
having access to plaintext of messages at the email provider 
(server-side search, spam/phishing detection, etc.)
> I think someone from the TB or Firefox OS Mail team should make contact
> with them.
I did not sign up for their email distribution list, but only because I 
fear that it would not be a useful venue for technical discussion. I 
personally would decline incorporating any implementation without a 
specification at least as detailed as an RFC.
>
> Gerv
>
> [0] One recent one:
> http://quetzalcoatal.blogspot.co.uk/2013/10/why-email-is-hard-part-2.html
Funny that you cite that post, since the internationalization aspects 
already basically have a solution awaiting implementation; the 
architectural complaints are more fundamental. :-)

-- 
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist




More information about the tb-planning mailing list