[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] Idea for cross freedombox email system not leaking metadata



Hi Jonathan!

Jonathan Wilkes <jancsika at yahoo.com> wrote:
> Does your design include perfect forward secrecy for the pairs
> communicating over SMTorP?

We recommend using TLS over the Tor circuit, and will probably recommend
using a cipher which provides PFS.

However, encryption of the messages themselves (if they are encrypted)
is using OpenPGP, which does not provide PFS. So if the user signs the
message, there is no deniability.

> Also, what is your plan to sustainably fund the GUI work, user studies,
> and the work on professional documentation?  (I.e., those aspects which
> tend to get little to no attention in a free software community like
> this one.)

This is one of the hard parts of the project. We funded our first year
of work using an IndieGoGo crowdfunding campaign, but that is not
sustainable. We're exploring our options and are optimistic, but it is
not a solved problem yet. If you (or anyone) has recommendations on this
front we're all ears.

 - Bjarni

-- 
I make stuff: www.mailpile.is, www.pagekite.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP Digital Signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20141020/8a596a0b/attachment.sig>


Reply to: