[liberationtech] An email service that requires GPG/PGP?
Griffin Boyce
griffinboyce at gmail.com
Wed Aug 14 13:54:43 PDT 2013
So I set up a proof-of-concept server last Friday, which was far
easier than I had pictured. Special thanks to Moritz for his PGP milter
[1], but I'm also customizing a lot of the other security and spam
filter settings.
Short: It should be up for comment in the next two weeks.
Long: I'm recreating the whole setup on a Linode slice and opening it
up for beta signups. I'm *ALSO* considering whether to use Postfix in a
LAMP stack (current), Haraka in a MEAN stack[2], or Lamson in a LAMPy
stack.[3] I'd have to write new filters, but it's .[4] Unfortunately,
serious personal matters are occupying my attention.
There have been some interesting points and questions on both
guardian-dev and libtech (waaay more than I'm highlighting here):
The Doctor wrote:
> This might be a good place to start:
>
> https://grepular.com/Automatically_Encrypting_all_Incoming_Email
Daniel McCarney wrote:
> It might also be a good source of inspiration. Applying GPG at the Dovecot/Sieve
> layer allows rule-based encryption to specific key IDs. That was the main
> selling point for me :-)
I'm on the fence as to whether or not to encrypt all incoming email to
the users' GPG key.
adrelanos wrote:
> Why not post messages to usenet alt.anonymous.messages?
That also would be an easy way to map out who is talking to whom, and
how frequently. Unless the individuals made up an entirely new key,
which may remove the ease of use aspect.
Richard wrote:
> how do you make webmail with PGP end to end encryption? I assume you
> could do PGP in JavaScript but it would be trivially easy for the server
> to steal the users' secret keys in that case.
Yeah, and it doesn't avoid "the Hushmail Problem," where the
government orders you to disable crypto for a given person. There'd
have to be (at a minimum) a browser extension or outside program
involved, and at that point, it's just as easy for people to pick a GPG
app/extension of their choice.
best,
Griffin
[1] https://github.com/moba/pgpmilter
[2] http://haraka.github.io/manual.html
[3] https://github.com/zedshaw/lamson [spoiler alert, it's a total pain
in the ass]
[4] http://projects.csail.mit.edu/gsb/old-archive/gsb-archive/gsb2000-02-11.html
--
"Cypherpunks write code not flame wars." --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: saint at jabber.ccc.de
My posts, while frequently amusing, are not representative of the
thoughts of my employer.
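
Added example, not part of the original post and not code from pgpmilter or Griffin's server: a sketch of the structural check a filter for a PGP-only mailbox has to make before deciding whether a message is already encrypted. The reject-on-plaintext policy, the function names and the sample messages are assumptions constructed for illustration; the check looks at message structure only and does not verify which key the ciphertext is encrypted to.

```python
import email
from email import policy

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def classify(raw: bytes) -> str:
    """Classify a raw message as 'pgp-mime', 'inline-pgp' or 'plaintext'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":
        # RFC 3156 layout: a control part, then the ciphertext part.
        parts = msg.get_payload()
        proto = str(msg.get_param("protocol", "")).lower()
        ok = (proto == "application/pgp-encrypted" and isinstance(parts, list)
              and [p.get_content_type() for p in parts]
              == ["application/pgp-encrypted", "application/octet-stream"])
        return "pgp-mime" if ok else "plaintext"
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    for part in leaves:
        # Inline PGP only counts if every leaf is text/plain and holds
        # nothing but one armored block; stray cleartext is a leak.
        if part.get_content_type() != "text/plain":
            return "plaintext"
        body = (part.get_payload(decode=True) or b"").decode("ascii", "replace").strip()
        if not (body.startswith(BEGIN) and body.endswith(END)
                and body.count(BEGIN) == 1 and body.count(END) == 1):
            return "plaintext"
    return "inline-pgp" if leaves else "plaintext"

def smtp_verdict(raw: bytes) -> str:
    """Hypothetical policy: refuse anything that arrives unencrypted."""
    if classify(raw) == "plaintext":
        return "550 5.7.1 This mailbox only accepts PGP-encrypted mail"
    return "250 2.0.0 OK"

# Constructed sample messages (the armor body is a placeholder, not real ciphertext).
HEAD = b"From: a@example.org\r\nTo: b@example.org\r\nSubject: hi\r\nMIME-Version: 1.0\r\n"
ARMOR = (b"-----BEGIN PGP MESSAGE-----\r\n\r\nY29uc3RydWN0ZWQ=\r\n"
         b"-----END PGP MESSAGE-----\r\n")
PGP_MIME = (HEAD + b'Content-Type: multipart/encrypted; '
            b'protocol="application/pgp-encrypted"; boundary="b1"\r\n\r\n'
            b"--b1\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
            b"--b1\r\nContent-Type: application/octet-stream\r\n\r\n" + ARMOR + b"--b1--\r\n")
INLINE = HEAD + b"Content-Type: text/plain\r\n\r\n" + ARMOR
LEAKY = HEAD + b"Content-Type: text/plain\r\n\r\nMeet at noon.\r\n" + ARMOR
CLEAR = HEAD + b"Content-Type: text/plain\r\n\r\nhello\r\n"
```

The LEAKY sample shows why the inline check insists on the armored block being the entire body: a message that carries cleartext next to ciphertext is treated as plaintext.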