[cryptography] [Cryptography] Email is unsecurable

Natanael natanael.l at gmail.com
Mon Nov 25 13:20:15 EST 2013


Say hello to Bote mail on I2P.

I2P provides encrypted anonymizing networking, Bote mail provides DHT based
serverless encrypted mailing with public crypto keys as addresses (ECDSA or
NTRU).

http://i2p2.de and i2pbote.i2p (if you don't have I2P installed, add .us to
visit it via an inproxy).

There is also I2P Messenger that is encrypted P2P IM within I2P also using
public keys as addresses.

- Sent from my phone
Den 25 nov 2013 19:15 skrev "grarpamp" <grarpamp at gmail.com>:

> On Mon, Nov 25, 2013 at 1:01 AM, ianG <iang at iang.org> wrote:
> > On 23/11/13 15:30 PM, Ralf Senderek wrote:
> >> On Sat, 23 Nov 2013, David Mercer wrote:
> >>
> >>> But of course you're right about actual current usage, encrypted email
> >>> is an
> >>> epic fail on that measure regardless of format/protocol.
> >>
> >> Yes, but it's about time we do something about that. Do we *exactly know
> >> why* it is such a failure?
> >
> > It's an interesting question, and one worth studying for pedagogical
> > motives.  From my experiences from both sides, it is clear that both
> sides
> > failed.  But for different reasons.
> > Hence, I've concluded that email is unsecurable.
>
> Obviously. It will never be able to escape the non-body
> header content and third party routing, storage and analysis with
> any form of patching over today's mail. And it's completely
> ridiculous that people continue to invest [aka: waste] effort in
> 'securing' it. The best you'll ever get clients down to is exposing
> a single 'To:' header within an antique transport model that
> forces you to authenticate to it in order to despam, bill, censor
> and control you.
>
> That system is cooked, done and properly fucked. Abandon it.
> What the world needs now is a real peer to peer messaging
> system that scales. Take Tor for a partial example... so long
> as all the sender/recipient nodes [onions] are up, any message
> you send will get through, encrypted, in real time. If a recipient
> is not up, you queue it locally till they are... no third party ever
> needed, and you get lossless delivery and confirmation for free.
> Unmemorable node address?, quit crying and make use of your
> local address book. Doesn't have plugins for current clients?,
> so what, write some and use it if you're dumb enough to mix
> the old and new mail.
>
> The only real problem that still needs solved is scalability...
> what p2p node lookup systems are out there that will handle
> a messaging world's population worth of nodes [billions] and
> their keys and tertiary data? If you can do that, you should
> be able to get some anon transport over the p2p for free.
>
> Anyway, p2p messaging and anonymous transports have
> all been dreamed up by others before. But now is the
> time to actually abandon traditional email and just do it.
> If you build it, they will come.
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20131125/d2d160c5/attachment.html>


More information about the cryptography mailing list