p2p email: Virtual Email Institutions for Thunderbird

Randolph rdohm321 at gmail.com
Mon Aug 4 18:10:28 UTC 2014


Dear Kent,

yes, maybe the Wikipedia entry already gives some information:
https://en.wikipedia.org/wiki/Goldbug_%28software%29
or look at the GUI presentation:
http://sourceforge.net/projects/goldbug/files/goldbug-im_WIN_0.9.07/GoldBug_Secure_Instant_Messenger_Manual_0.9.07.pdf/download
or just compile it with Qt from SVN to test it yourself:
http://sourceforge.net/p/spot-on/code/HEAD/tree/

This info could be summarized as follows (please excuse the quick writing
and maybe a typo):

(A) Technical Information

(A1) KERNEL EXE TO THE T-BIRD INSTALLER: Adding an out-of-the-box encrypted
and p2p, f2f or server-based email system to Thunderbird based on the
so-called Echo Protocol requires just running the so-called spot-on kernel.
The kernel is written in C++ and compiles for all operating systems the
Qt framework can address. The project files are currently given for over 6
operating systems, so the main systems like Windows, Mac OS X and several
Linux systems are easily covered. The startup of Thunderbird should launch
the spot-on kernel. From the GUI point of view there could be a path to
the kernel binary integrated, or just hide it and expect the kernel binary
next to the T-Bird binary. The kernel should run when the T-Bird GUI is
active; this is just an activate and deactivate of the kernel code line
when launching T-Bird. That means just compile the kernel to a binary for
the respective T-Bird operating system and add it with the installer to
the path where the T-Bird binary is placed. No GUI elements would then be
required for the kernel.



(A2) BOOTSTRAP SERVER AND PROCESS: The kernel connects to one or several
nodes, which are the p2p network or just one email server. At app
startup there is (next to the binary of the kernel) a txt file,
which represents the server/neighbor IP addresses and ports. This is added
to the neighbors database once for the initial start, and then it maintains
these connections after each start.

(A3) MOZILLA SERVER SETUP: When you want to write to a friend, you
just need to be sure that both Alice and Bob are connected to the network
or to the same server (or connected directly to each other), or make sure
the subnets of several spot-on kernel servers are somewhere connected. That
means this kernel is at the same time the email server and the connector to
an email server on the client side.
From the operational view, Mozilla could set up one or two servers
running this kernel to make sure each user has the option to connect and
exchange emails. Of course the community would set up further nodes to
support this, which would be a nice new way for a community strategy, like
e.g. YaCy (with over 300 servers) or even the Tor community is doing
this.

(A4) P2P SERVER COMMUNITY: The Echo protocol sends the message to each
connection and the next neighbor does the same, so even if there is
not one T-Bird server, or other ultra-nodes as servers connected to one
T-Bird server, the messages would hop several times and be present at the
addressee's node.



(A5) MESSAGE ENCRYPTION: The messages sent are encrypted in a hybrid
way in this format: SSL(AES(RSA(Message))). That means the connection from
the T-Bird client to the mail server is a self-signed SSL connection. Within
this channel you send the RSA-encrypted message, and it is even possible to
define an end-to-end symmetric encryption, e.g. by AES. The AES key can be
submitted securely over the RSA encryption and through the SSL channel. AES
then allows setting a password on each email message, which means you send
an email (encrypted) to a user and it is not shown; instead a pop-up appears
and asks you to enter a password. This passphrase again can be the location
where you have eaten the first time with your wife. You can agree upon that
in real life and both enter the password on each email, whether it is from
your wife or from you. Not only the transport is encrypted (SSL/RSA) but also
opening the message needs a password (AES).


(A6) COMPILING AND LIBRARIES WITH QT: As libraries, OpenSSL and
libgcrypt are used as is. SQLite databases are used to store the
encrypted data. I don't know if XUL needs to address these all anew
with the C++ GUI code, or if the Qt GUI C++ code can easily be used
to be written anew for a XUL binding. In detail there are some DBs
created (maybe by the kernel!) and then the GUI can store data into
the DBs.


(B) GUI Elements Information


(B1) ECHO EMAIL ADDRESS: To be able to write to a friend you need to
know the encryption key of the friend. This is a ciphertext you can
copy out with a button and paste into a textbox. And there is an Add
key button. Indeed the long key has in total 8 keys, while for email
only 2 keys would be necessary, but it would be a suggestion to only
refer to the long key and add this to T-Bird. So this is something the
address book should organize: one paste textfield, a copy and an add
button. It could be done in a table, where in the first row we have
the @-mail address and in the second row the echo key, then the name of
the contact etc.
So the address book would be two buttons, one paste textfield and one
more row added.


(B2) The GUI and the kernel and databases are referring to encryption;
that means the key creation at initial startup needs either default
values for cipher type, hash type, iteration and key size, or you make
GUI pulldowns for it. I think just key size and algorithm (ElGamal
or RSA), email name and 2x passphrase elements are needed, and a button
to generate, one to log in and a textfield to enter the passphrase.
This would even bring more of a security approach to T-Bird, as the user
needs to enter a password to be able to open the T-Bird GUI. You see,
adding a contact and encryption login/creation are just 3-4 GUI
elements each.


(B3) READ EMAIL REPRESENTATION: For the inbox, sent box and trash box
the T-Bird GUI already has the GUI elements. If you look at
Bitmail.sf.net, this is a Qt example of how echo email and @-email could
be in one GUI hybrid. But all here is parallel and you have two
address books and one write-email form, but not an integrated
approach, as the data for the email message comes from the encrypted
DB. I don't know if T-Bird wants to store the email messages as well
in encrypted DBs, but maybe an intelligent GUI representation can be
found, so that a GUI table loads all email and handles both @-email and
echo-email in one table but derived from two sources, one being the
encrypted echo-DB and the other the current way of T-Bird storing the
email. I think this might be worth some thinking, but in the end it is
not much work, as three folders, a table with the emails and a reply
button are all you need.

(B4) WRITE EMAIL REPRESENTATION: The write email form in T-Bird is
given; here you need to choose from the address book, to choose either
one name and send the mail over both methods, or just choose either
one to send the message out. Sending out the message the encrypted way
could be the default value, and the sending of plaintext @-email could
give a pop-up warning: Hey, be careful, you are sending this email
insecurely in plaintext over the old method. From a strategy view this is a
totally new way for T-Bird to define customer orientation in an easy
way. Furthermore I think of Mozilla becoming, with one or several echo
servers, a kind of email provider (see below more regarding echo email
accounts). Last: there could even be a thought about an automatic
exchange of the echo encryption key, in case I have one, to all my
email friends. If they use T-Bird as well, there could be a handshake
protocol so that the @-email address is deleted. When both participants
have the encryption key of p2p email, this should be the preferred
method to send email and both T-Bird apps could delete the @-mail
address from the address book. Why? We want all users to use T-Bird
and no other email client has that, so everyone would recommend
installing T-Bird to be hybrid for the time being, but to switch as well
and later exclusively to the encrypted protocol. Maybe some of you get
the point here: the encryption handling lies not in the key server or
key exchange or choosing the key per each mail. Beyond Enigmail: with
the Echo you have the encryption in your contact book. You add a
participant with the key and that's it. Never care about encryption
details when you get a message, unless you use the additional
password on an email (AES; the email password is called goldbug, same
as the Instant Messenger GUI fork project). Summary: for writing you
just need the current mail form and add two radio buttons, send over
echo or over @-mail, and then choose one name from the
contact address book. Maybe one textfield in case you want to set a
password on that specific email.

(B5) EMAIL SETTINGS: The echo email settings are just some check boxes
for allowing unsigned messages or to allow caching of friends' emails
and how big the database should be. That's it.

(B6) EMAIL SETTINGS ADVANCED: The settings have one handful of GUI
icons more; if you want to add them, it could be done in a second step as
well. The advanced option is to create some so-called "Email
Institution". Here you define a virtual email cache. In the method
above Alice and Bob connect to a third common node (e.g. an always-on
webserver or friend) and this third node stores the emails for the
offline partner. In Email Institutions you do not need any direct IP
connection and just need a Magnet URI link with some encryption values.
If Alice and Bob enter this Magnet, and the creator of the Email
Institution is adding the keys of Alice and Bob, the Institution is an
email provider and Alice and Bob can query it like an IMAP or POP3
email box. But: they don't need a direct IP connection to it. The GUI
elements need just a textfield to add the magnet and an add button. To
create the Institution you need a create button and 4 values for
encryption and hash value and types.


(B7) That's it. Nothing else is required in regard to GUI elements. The
processes are given as a reference model for the Qt/C++ binding and
maybe can easily be transferred to a C++/XUL binding. You see, it's
just a dozen GUI elements for the GUI.



(C) WHY - Strategy Information

(C1) COMMUNITY APPROACH: T-Bird once was declared as optional and dead
and lost the established developers. The new strategy was to make it
more convenient, maybe add chat to it, but neither the messaging
plugin nor the calendar plugin have been added as default. A p2p
community could bring a new direction to T-Bird, as the development is
currently the community development and not the company or core team
of 2 developers. Be what your shape is. T-Bird is not a company, T-Bird
is community. Let's bring T-Bird into the hands of the community for
p2p email. Just fill your share of what you already are. Give it a new
start, a new direction, and we create a new market entry with that.

(C2) EVERYONE ENCRYPTS AFTER SNOWDEN: In the age after Snowden
encryption is essential. All teams, all IT departments and all apps
are thinking about encryption. See the automotive development: it is
in slow steps, but it is continuous. T-Bird cannot close its eyes to
encryption. If you don't decide for the echo p2p encryption, this
thinking together might have an effect for a better Enigmail
integration, what the hell. That's good too, but not what is suggested
here, and I tested a lot with the p2p email suggested here and would
like to test the T-Bird integration with you as well. It is really a
cool out-of-the-box tool, which allows having some cool features and
modern encryption details. T-Bird should think about the overall
surveillance and add more encryption. It is the image of a social
responsibility we want to mirror to the community.


(C3) FUTURE PERSPECTIVES BASED ON NEEDS OF GENERATION Y: Further
development: next to the EMAIL-XUL GUI, which would be the first step,
we could think to add presence and instant chat to the email
client as well. And this would be serverless (thinking of a central server
dictation) and uses the same spot-on kernel. Or does Instantbird tell
you that their chat servers do the emailing as well? Next to chat,
group chat would be a perspective as well. But that is just thinking, as
T-Bird currently stands for email and not instant chat, but who knows
the customer needs of today exactly? Mobile and cloud first? WhatsApp
instead of SMS first? And WhatsApp instead of email? T-Bird must stay
attractive for Generation Y and the Twitter generation. Currently the
email generation is still there and has the power to implement p2p
email, which later could be discussed to extend with the given client
kernel and set up email server structure to use this as well for 1:1
or group chat.

(C4) ENCRYPTION EXCLUDES WEB-BASED EMAIL GUIS - TAKE THE BALLOON FOR THE
T-BIRD CLIENT: A movement to decentral email providers is needed
today, where only a handful of free email providers is given. No one
sets up a domain with email if you are not an expert. Many, many users
of T-Bird are just using the monopolistic email providers, which offer
a web-based GUI. Encryption always must be in the own client, to enter
the passwords and store encryption keys. When encryption should be
done properly, there cannot be a web-based email interface when you do
not trust a third party. If we have the movement to step back from
web-based email interface GUIs (because we cannot trust them in the
movement of encryption), then the encrypting client is the right
solution and brings more users to T-Bird as a client. Take this
chance to strengthen the need for an email client installation:
T-Bird.

(C5) BE FLEXIBLE AND START FROM SCRATCH EVERY DAY: Development never
stops. Nokia has gone and soon MS will be gone, because the old tanker was
not adjusting to new needs. Just start writing T-Bird from scratch
anew, like VLC has done for the Qt framework. Well, Gecko is still the
old one? Or was it WebKit which has been abandoned? With one
kernel added and a few GUI elements we have just a small need for adjustment
with a great effect. It defines a totally new T-Bird experience,
identity philosophy and community involvement, if the presentation is
then done right based on the new codings.

See, users want to see that something is happening. eMule has had no
release for years and the download count has gone down dramatically
from 38 million per month to just a fragment of a million.

Well, download counts are not the real value, but p2p email is a nice
research object and with the suggested kernel we have a very good
implementation which has never been seen. I just want to see the
T-Bird team as a team adaptive to new development; that's why it
makes sense to step a little bit into this direction with the lowest
effort to code. We even could make the 12 GUI elements more lean and
still have some processes to code, but it could be done within a few
months, if all agree upon it.


(C6) DEFINE US ANEW AS A TEAM: It would create a nice team thinking
with new spirit. Let's define where we stand as a team on this
list. Read the email from the Contact Manager guy who asked for a
colleague, and of course, two old developers have been chased away and a
new team has been built. The team lead and experts and champions and
open source contributors have changed intensely. It's time for a
relaunch and a new coming together.



The idea and suggestion is to evaluate the p2p email options and
integrate a minimalistic approach.

Any comments, questions or ideas based on this? I would like to bring
this forward with you, because I like Thunderbird, and encryption and
secured writing are really important today. Maybe someone wants to test
the Qt client to get a feeling for the handling; feel free to send
your key.

Thanks, regards, Randolph



2014-08-04 1:44 GMT+02:00 Kent James <kent at caspia.com>:
> Could you give a little more introduction about what this protocol is, and
> why it would be interesting for Thunderbird?
>
> :rkent
>
>> Hello on this list,
>> Blake recommends from the other dev-app list to ask here specifically
>> for adding the spot-on kernel for encrypted
>> p2p email and virtual email institutions; is anyone interested
>> to evaluate it? If there are questions I can help, as I have tested a
>> lot and know the functions, code and architecture.
>> http://sourceforge.net/p/spot-on/code/HEAD/tree/
>>
>> http://sourceforge.net/projects/goldbug/files/goldbug-im_WIN_0.9.07/GoldBug_Secure_Instant_Messenger_Manual_0.9.07.pdf/download
>> plus links below. Would be great to have - next to what the BitTorrent
>> people do with the "Bleep" p2p messenger -
>> http://forum.bittorrent.com/forum/119-bleep-feedback/
>> a p2p email in T-Bird; the spot-on kernel one is really working well
>> and is fully encrypted. Important today for easy crypto based on
>> libgcrypt and OpenSSL.
>> Thanks for feedback on whether C++ is easily connectable to XUL like Qt.
>> Regards
>>
>>> https://en.wikipedia.org/wiki/Goldbug_%28software%29
>>> http://bitmail.sf.net  is a p2p email Client.
>>> SVN of the kernel: https://sourceforge.net/p/spot-on/code/commit_browser
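The bootstrap file and the Echo flooding that sections (A2) and (A4) of the mail above describe, as an added simulation that is not code from the post or from the spot-on project. The neighbors file, the four-node topology and the message are constructed; a per-recipient HMAC tag is used as a stand-in for the RSA/ElGamal envelope (it only models "the node whose key fits recognises the message"), so no real cipher is involved. Two properties that matter to a defender are visible in the run: every relay handles the ciphertext, so confidentiality rests entirely on the inner encryption, and the seen-set is what stops a flooded message from circulating forever.

```python
"""Echo-style flooding of one addressed message over a small p2p mesh.

Added illustration (not spot-on code): every node forwards each message to
every neighbor except the one it came from, drops duplicates it has already
relayed, and keeps the message only if its own key "opens" it.
"""
import hashlib
import hmac
import secrets
from collections import deque

# Constructed bootstrap file (A2): one "host port" line per neighbor.
NEIGHBORS_TXT = """
# host      port
alice       4710
relay1      4710
relay2      4710
bob         4710
"""


def parse_neighbors(text):
    """Return [(host, port)] from the neighbors file, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        host, port = line.split()
        entries.append((host, int(port)))
    return entries


class Node:
    def __init__(self, name):
        self.name = name
        self.key = secrets.token_bytes(32)  # stand-in for the node's private key
        self.neighbors = []
        self.seen = set()      # digests already relayed: the loop guard
        self.inbox = []        # (sender, body, hops) for messages this node can open
        self.copies = 0        # every arrival, duplicates included
        self.relayed = 0       # arrivals actually processed and forwarded

    def link(self, other):
        if other not in self.neighbors:
            self.neighbors.append(other)
            other.neighbors.append(self)


def seal(sender, recipient_key, body):
    """Bundle that only the holder of recipient_key recognises (stand-in for RSA)."""
    tag = hmac.new(recipient_key, body, hashlib.sha256).digest()
    return {"from": sender, "body": body, "tag": tag}


def digest(bundle):
    return hashlib.sha256(bundle["tag"] + bundle["body"]).hexdigest()


def flood(origin, bundle):
    """Breadth-first flood; hop counts therefore reflect the shortest path."""
    queue = deque([(origin, None, bundle, 0)])
    while queue:
        node, came_from, b, hops = queue.popleft()
        node.copies += 1
        d = digest(b)
        if d in node.seen:          # already relayed: drop, do not forward again
            continue
        node.seen.add(d)
        node.relayed += 1
        expected = hmac.new(node.key, b["body"], hashlib.sha256).digest()
        if hmac.compare_digest(expected, b["tag"]):
            node.inbox.append((b["from"], b["body"], hops))
        for n in node.neighbors:    # Echo: relay regardless of whether it was for us
            if n is not came_from:
                queue.append((n, node, b, hops + 1))


def build_mesh():
    """Constructed topology: alice - relay1 - relay2 - bob, plus relay1 - bob."""
    nodes = {host: Node(host) for host, _ in parse_neighbors(NEIGHBORS_TXT)}
    nodes["alice"].link(nodes["relay1"])
    nodes["relay1"].link(nodes["relay2"])
    nodes["relay2"].link(nodes["bob"])
    nodes["relay1"].link(nodes["bob"])
    return nodes


def send(nodes, sender, recipient, text):
    bundle = seal(sender, nodes[recipient].key, text.encode())
    flood(nodes[sender], bundle)
    return bundle


def demo():
    """Return who could open the message, bob's hop count, and per-node counters."""
    nodes = build_mesh()
    send(nodes, "alice", "bob", "meet at the usual place")
    opened = {name: [m[1] for m in n.inbox] for name, n in nodes.items()}
    hops = nodes["bob"].inbox[0][2] if nodes["bob"].inbox else None
    counters = {name: (n.copies, n.relayed) for name, n in nodes.items()}
    return opened, hops, counters


if __name__ == "__main__":
    print(demo())
```

In the run, only bob's inbox is non-empty, bob is reached after 2 hops via relay1, and relay2 and bob each see the same bundle twice but relay it once; removing the `seen` check would make the cross-linked relays bounce the message between themselves indefinitely.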



More information about the tb-planning mailing list