p2p email: Virtual Email Institutions for Thunderbird

Randolph rdohm321 at gmail.com
Mon Aug 4 21:24:12 UTC 2014


Hi Joshua,
good that you thought already about how to strengthen encryption in T-Bird.
You are a non-mover, right? Doing the basics with great efford and
emphasis, focussing the obstacles within new ideas and not prepared to
through your done research away and request a branch playground for
others instead of adding yourself to the sandboxes? Kidding... As
said, I appreciate if encryption is fostered.
The echo protocol is more: it allows users to create own servers
easily, is fully encrypted without any interface or securtiy handshake
thoughts as plugin solutions like pgp offers and has new thoughts
about graphs and connectio- metadata. Please see adaptive echo
described in the Wikipedia.
Your reply ist most about strategy. :) So you are one of the leaders
of this for Thunderbird? I suggest to integrate the supporters of
T-Bird more in your research, these people are very helpful, as well
for you. So my request would be to think together about encryption.
What are your ideas and findings in research about Cryp-to-Bird?
Should we test some encryption methods? I did not change the subject
of this reply to: "Re: Cryp-to-Bird (was: p2p email: Virtual Email
Institutions for Thunderbird)" *)

Hi Kent,
as Joshuha said, chat is present, but neither OTR nor encryption, the
question wether the spot-on kernel handles chat or email is easy: it
does both, and the request is to first start with email type.
I would love to moderate a strategy workshop for T-Bird, unfortunately
my english is not the best to handle that and I would recommend you an
external moderator, as I suggest a particular merge. But funny to
hear, that the strategy is defined and was and is still the main
process to get all on the same page. I see the main problem not in
implementing of or the work for p2p email, but in the decision making
process - which requires a moderation method and not info about the
how to do, it is about the why.
Yes, different options for the next gen email exist. Exclude the
Webmail, plugins and see what applications remain already using the
echo protocol or similar features.
Who will be responsible for the research results presented before
October on this, so that everybody knows what we talk about? I did a
lot of research here too and I made a suggestion, and would love to
help through this process and I am as an external tester for over one
year quite familiar with the processes of the Qt code. We could share
.. echo is based on lbgcrypt known from GnuPG and OpenSSl and thus
implements it according to RFC 4880 of the OpenPGP-Standard respectice
is Certified according FIPS 140-2 (Federal Information Processing
Standard).
The wrap of the message SSL (AES (RSA [or ElGamal] (Message))) is of
course a quite new implementation called echocasting, like full echo,
half echo, adaptive echo and echo accounts (please read that up in the
wikipedia). I doubt that any other p2p email nor smime has these
options.
As the current code release seems to be an open source and
non.commercial project, it must be a spare time interest.
Your footnode regarding setting up a server is not a problem,
donations for one server are foreseeable.
I like your references for successful merge and strategy discussions,
I hope the p2p email is a good result in october as well and Joshua is
open for p2p and encryption with a good contribution on it. Joshua,
you play an important role on this and I would like to test with you
the key and connections. I will send you my key in another email,
please tell me first, if you install the binary or build the current
svn yourself.
Regarding accounts you dont need any specific, this is solved with the
kernel and the idea was to offer an email provider server with the
spot-kernel where you offer accounts to the user e.g. by paid accounts
(which means to send them a password and accountname, currently
manually to do) (but I guess your reference is more about handling
different email accounts).

Hi Patrick,
yes, Florian answered about the chat feature request as website url
and as this is in T-Bird given, we need not to talk any further about
chat based on the echo kernel in T-Bird, except you agree in October
as well on encryption for Instantbird, which could be OTR or anything.
To Blake I talked half a year about this request, you can read it up
in the first email on this list. Yes, it´s not new, but more mature
now and its a good time to ask T-Bird about p2p email, encryption,
maybe chat encryption, and a strategy all can agree upon.

Don´t know if others will reply to this "thread" (cool word right?) so
my hint for now is, that those established keypeople agree fast on not
doing it, because it is work, they have not grown up on that stuff and
dont want to through away their researches and security, short: power.

Maybe all others have an some contributions too, and on the meeting
maybe Aceman, Hiroyuki, Suyash and Blake (his comments see in the
first mail) might be summarizable too.

So it (innovation, as always) needs definately some promotors and
moderators to get the new into the world. Would it be an expectation,
that each of the 18 participants prepares for October a presentation
about
- p2p options in T-Bird for community strengthening
- one appliation from the github collection:
https://github.com/OpenTechFund/secure-email
- encrpytion convenience

Who created that agenda for October? I could offer to refine it a
little bit in a person to person email discussion.

I think it needs a one day session about everyone contributing in
educating us about own findings for next gen email apps, p2p network
community and encryption convenience besides the for years not used
approaches.

Further from rkents proposal it is quite clear:
(1) lightning calender must be default shipped (suggest to add this
into the installer already in an August package release).
(2) The relation to "mother" and not living at home anymore is still a
nightmare (and could end in either give us a paid developer or we turn
way into the community) (Is there any financial report on how much
Mozilla pays on T-Bird not and what the paid worker has been done?),
(3) security challenges (means mainly encryption) is printed already bold.

Dont use 1+2 as a warmup discussion, it takes too much time. Start
with presenting your *prepared* encryption results and discuss
offering T-Bird for ONE Dollar per download (could be done by an
account check with the gui login with passphrase or by selling echo
accounts to the p2p server).

Many stuff to talk about - some results should be prepared in advance.

Kind Regards and good luck.

PS:*) because p2p email and community is the strategy-goal next to
encryption. T-Bird is and will ever be a product of Mozilla, first it
is made by and for the community. (and I mean community, not customers
or users, we need to adress those, who like to contribute, with an p2p
email server or dollar for an account to a zero-knowledge email
server). Are you ready to accept, that plaintext emailservers are
outdated and T-Bird needs a zero knowledge email server approach?
Ideally without a plugin (more in the sense for the transportation
way, not for the application).



More information about the tb-planning mailing list