[147107] in cryptography@c2.net mail archive
Re: [Cryptography] prism proof email, namespaces, and anonymity
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Sep 13 17:12:51 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 13 Sep 2013 17:12:43 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <E3712724-9AE8-4A51-9748-4C7BE9E96376@gmail.com>
Cc: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Fri, 13 Sep 2013 16:55:05 -0400 John Kelsey <crypto.jmk@gmail.com>
wrote:
> Everyone,
>
> The more I think about it, the more important it seems that any
> anonymous email like communications system *not* include people who
> don't want to be part of it, and have lots of defenses to prevent
> its anonymous communications from becoming a nightmare for its
> participants. If the goal is to make PRISM stop working and make
> the email part of the internet go dark for spies (which definitely
> includes a lot more than just US spies!), then this system has to
> be something that lots of people will want to use.
>
> There should be multiple defenses against spam and phishing and
> other nasty things being sent in this system, with enough
> designed-in flexibility to deal with changes in attacker behavior
> over tome.
Indeed. As I said in the message I just pointed Nico at:
http://www.metzdowd.com/pipermail/cryptography/2013-August/016874.html
Quoting myself:
Spam might be a terrible, terrible problem in such a network since
it could not easily be traced to a sender and thus not easily
blocked, but there's an obvious solution to that. I've been using
Jabber, Facebook and other services where all or essentially all
communications require a bi-directional decision to enable messages
for years now, and there is virtually no spam in such systems
because of it. So, require such bi-directional "friending" within
our postulated new messaging network -- authentication is handled
by the public keys of course.
> Some thoughts off the top of my head. Note that while I think all
> these can be done with crypto somehow, I am not thinking of how to
> do them yet, except in very general terms.
>
> a. You can't freely send messages to me unless you're on my
> whitelist.
That's my solution. As I note, it seems to work for Jabber, Facebook
and other such systems, so it may be sufficient.
> b. This means an additional step of sending me a request to be
> added to your whitelist. This needs to be costly in something the
> sender cares about--money, processing power, reputation, solving a
> captcha, rate-limits to these requests, whatever.
I'm not sure about that. Jabber doesn't really rate limit the number
of friend requests I get per second but I don't seem to get terribly
many, perhaps because fakes at most could hide some attempted phish
in a user@domain name, which isn't very useful to scammers.
> g. The format of messages needs to be restricted to block malware,
> both the kind that wants to take over your machine and the kind
> that wants to help the attacker track you down. Plain text email
> only? Some richer format to allow foreign language support?
My claim that I make in my three messages from August 25 is that it
is probably best if we stick to existing formats so that we can
re-use existing clients. My idea was that you still talk IMAP and
SMTP and Jabber to a server you control (a $40 box you get at Best Buy
or the like) using existing mail and chat clients, but that past your
server everything runs the new protocols.
In addition to the message I linked to above, see also:
http://www.metzdowd.com/pipermail/cryptography/2013-August/016870.html
http://www.metzdowd.com/pipermail/cryptography/2013-August/016872.html
for my wider proposals.
I agree this makes email delivered malware continue to be a bit of a
problem, though you could only get it from your friends.
Perry
--
Perry E. Metzger perry@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography