<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body><div>On Tue, Aug 25, 2015, at 19:31, R Kent James wrote:<br></div>
<blockquote type="cite"><p>In one conversation, at the <a href="http://www.oscon.com/open-source-2015/public/schedule/detail/45257">“Open
Messaging Day”</a> at OSCON 2015, I brought up the issue of
whether, in a post-Snowden world, support for end-to-end
encryption was important for emerging open messaging protocols
such as <a href="http://jmap.io/">JMAP</a>. The overwhelming
consensus was that this is a non-issue. “Anyone who can access
your files using interception technology can more easily just grab
your computer from your house. The loss of functionality in
encryption (such as online search of your webmail, or loss of
email content if certificates are lost) will give an unacceptable
user experience to the vast majority of users” was the sense of
the majority.<br></p></blockquote><div>As a lead "voice" on this, I'd like to expand a bit on what I said about it, and also address the next point.<br></div>
<div> </div>
<blockquote type="cite"><div>In a second conversation, I was having dinner with a friend who
works as a lawyer for a state agency involved in white-collar
crime prosecution. This friend also thought the whole
Snowden/NSA/metadata thing had been blown out of proportion, but
for a very different reason. Paraphrasing my friend’s comments,
“Our agency has enormous powers to subpoena all kinds of records –
bank statements, emails – and most organizations will silently
hand them over to me without you ever knowing about it. We can
always get metadata from email accounts and phones, e.g. e-mail
addresses of people corresponded with, calls made, dates and
times, etc. There is <b><i>alot</i></b> that other
government employees (non NSA) have access to just by asking for
it, so some of the outrage about the NSA’s power and specifically
the lack of judicial oversight is misplaced and out of proportion
precisely because the public is mostly ignorant about the scope of
what is already available to the government.”<br></div>
</blockquote><div> </div>
<div>Indeed.<br></div>
<blockquote type="cite"><p>So in summary, the problem is much bigger than the average person
realizes, and other email vendors don’t care about it.<br></p></blockquote><div>That on the other hand, is a mis-characterisation of at least the email vendor that I represent.<br></div>
<div> </div>
<div>Basically you have two choices - make it really absolutely impossible to get at any content of any emails, with all the associated inability to pretty much support ANYTHING. Seriously, I've debugged issues where emails were undeliverable if the user had a sieve rule with a regex match in it, and the email size was an exact multiple of 4096 bytes - because it was using in an mmap with slop, and if the mmap size matched exactly, a string read would run off the end of the mapped area.<br></div>
<div> </div>
<div>You can do what StartMail do:<br></div>
<div> </div>
<div><a href="https://www.startmail.com/documents/whitepaper/whitepaper.en_US.pdf">https://www.startmail.com/documents/whitepaper/whitepaper.en_US.pdf</a><br></div>
<div> </div>
<div>Which sounds awesome, except that every time you log in or hold an IMAP connection open (we have tons of customers who hold connections open all the time) then all your data gets decrypted. An NSA or similar attacker will get access at that point if they have compromised the server provider.<br></div>
<div> </div>
<div>MOST people access their email every day. I did some stats to check - over half our users have logged in within the past 24 hours. So it doesn't take long to insert the attack at the vendor end and get access to the data.<br></div>
<div> </div>
<div>Which means that all their crypto is a bunch of expensive security theatre. We do it too, except at the full disk level - for a couple of reasons. One is the "if someone came and took all our servers, they wouldn't be able to read anything" - it's an unlikely risk, but a nasty one. The real win is that we can ship failed disks back for RMA without worrying about leaking data. That's a big win overall, because those things aren't cheap, and shredding them isn't cheap either. So we encrypt all our disks just so that we don't have to shred them.<br></div>
<div> </div>
<div>The incentives just aren't aligned for a real "secure" server. If your attacker has millions of dollars budget, and you're being paid $60/year/user, they'll find a way in. StartMail is compromisable if you can co-opt the Dutch Government, or even just blackmail one of their staff.<br></div>
<div> </div>
<div>(if you can control two of their senior staff, you can get at every account via the key recovery mechanism - you need one of those, or you lose everything when you forget your password - and people forget their passwords).<br></div>
<div> </div>
<div>So we have a choice between an infeasably complex perfect world, or a bunch of pointless theatre. I love the theatre as much as the next guy, but not while I'm trying to work on real security.<br></div>
<div> </div>
<div>Your only choice is to either have full end-to-end encryption (which is really Thunderbird's world - and the only way that it would influence JMAP at all is that you would cut down some of its capabilities that don't make sense if you can't access message metadata on the server, and treat it as a dumb blob transport).<br></div>
<div> </div>
<div>Or you can find a provider that you trust - in a jurisdiction that you feel comfortable with. We at FastMail do provide data to the Australian Federal Police upon presentation of the appropriate warrant (and want to - I believe in the rule of law, and courts, and the whole system. I prefer it to the alternative of total lawlessness, and I don't want to place myself above the courts either)<br></div>
<div> </div>
<div>But what we ARE trying to do with JMAP is counter the rise of proprietary protocols, and the associated consolidation of email into just a few big providers - because that makes dragnetting significantly more simple, and doesn't allow users a good ability to choose between giving up their privacy or not playing at all.<br></div>
<div> </div>
<div>We're also putting significant development effort into the Cyrus server, with a goal of making it easier to run your own server.<br></div>
<div> </div>
<blockquote type="cite"><p>Should this be a focus for Thunderbird development?<br></p></blockquote><div>That is outside my scope as a server side and vendor advocate :) I do quite like the look of some of the stuff the Matrix guys are doing for instant messaging. Perhaps integrating that with Thunderbird and talking to them about an email/MIME transport for matrix messages would be an interesting project.<br></div>
<div> </div>
<div><a href="http://matrix.org/">http://matrix.org/</a><br></div>
<div> </div>
<div>Meanwhile, low hanging fruit... does Thunderbird ever send passwords in plaintext over the wire without you doing an arcane dance in about:config somewhere?<br></div>
<div> </div>
<div>Will it connect to servers with self-signed certificates without you doing a similar dance?<br></div>
<div> </div>
<div>Are you still embedding a giant complex browser engine from an organisation which doesn't give a shit about making sure they aren't breaking your tree or removing things that you depend on, and isn't making security fixes for your branches a priority?<br></div>
<div> </div>
<div>Bron.<br></div>
<div> </div>
<div id="sig567075"><div class="signature">--<br></div>
<div class="signature"> Bron Gondwana<br></div>
<div class="signature"> brong@fastmail.fm<br></div>
<div class="signature"> </div>
</div>
<div> </div>
</body>
</html>