The DarkMail Alliance

Patrick Cloke clokep at gmail.com
Sat Aug 9 03:24:01 UTC 2014


Bringing back a really old thread, I hope that's ok.

I'm currently at Def Con 22 and went to a talk today on "Dark Mail", which is now called DIME (Dark Internet Mail Environment). There seem to be some real protocol implementations now AND a reference implementation that's (imagine my surprise) based on Thunderbird 24 (their fork is called Volcano). I'm unsure if this has been publicly released.

The reference implementation of the server, magma, supports both SMTP and DMTP and can be negotiated after connection. There's a bunch of technical details about how this is done that I didn't really have time to write down.

I do not have a computer with me to look stuff up, but I think I have the slides on a disc that I can send along. The new protocols implemented are called DMAP and DMTP; the crypto bits are called signers. The messages are "MIME-like" in that they can losslessly be translated to MIME (except for "MIME boundary information" or something like that).

The UI demonstrated seemed easy to use, but I'm unsure exactly how easy the key management infrastructure is. (It was also a bit in your face if using insecure mail, but that seemed on purpose.) They did mention wanting to fix some Thunderbird bugs before releasing 1.0, namely compose in a tab. (Additionally it seemed like they actually managed to add more protocols to Thunderbird! rkent, watch out!)

They specifically did ask for feedback. I accosted one of the presenters and gave my contact info so hopefully he'll get in touch with me next week. It would probably be worth looking over some of their documentation and ensuring fixed bugs are upstreamed (e.g. offering to review patches.)

Thanks,
Patrick

P.S. I can send someone pictures of my notes as a whole, but the mailing list would reject a message that large. I tried to capture the main points here.

-----Original Message-----
From: "Joshua Cranmer 🐧" <Pidgeot18 at gmail.com>
Sent: 10/31/2013 8:40 PM
To: "tb-planning at mozilla.org" <tb-planning at mozilla.org>
Subject: Re: The DarkMail Alliance

On 10/31/2013 9:54 AM, Gervase Markham wrote:
> The founders of Silent Circle and Lavabit, two email vendors who shut
> down their services in the face of US compromise pressure, have founded
> the DarkMail Alliance:
>
> http://darkmail.info/
>
> http://silentcircle.wordpress.com/2013/10/30/announcing-the-dark-mail-alliance-founded-by-silent-circle-lavabit/
>
> (And https://bugzilla.mozilla.org/show_bug.cgi?id=933155 , although this
> bug seems somewhat premature.)
>
> Details seem very sketchy. But I regularly come across more reasons why
> email needs rearchitecting from the ground up[0] and it could be that
> the Snowden revelations are the trigger necessary to do it. Particularly
> if they can come up with a gradual migration path, such as advertising
> support in traditional email headers so that remote clients and servers
> can switch seamlessly.

I have to ultimately reserve any judgement until I see even a high-level 
description of details. Automated email security, even if you cast away 
the framework of Internet email, is extremely difficult if not 
impossible, in large part due to difficulties in authenticity and trust 
models. It is made more problematic when you consider that a substantial 
fraction of users have their email provider (presumably untrusted) be 
the same as their email client (presumably trusted), and when you 
consider that major features of modern email implementations rely on 
having access to plaintext of messages at the email provider 
(server-side search, spam/phishing detection, etc.)
> I think someone from the TB or Firefox OS Mail team should make contact
> with them.
I did not sign up for their email distribution list, but only because I 
fear that it would not be a useful venue for technical discussion. I 
personally would decline incorporating any implementation without a 
specification at least as detailed as an RFC.
>
> Gerv
>
> [0] One recent one:
> http://quetzalcoatal.blogspot.co.uk/2013/10/why-email-is-hard-part-2.html
Funny that you cite that post, since the internationalization aspects 
already basically have a solution awaiting implementation; the 
architectural complaints are more fundamental. :-)

-- 
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist
