[messaging] Tor Hidden Services in (Cables, SMTorP, Pond)

Eleanor Saitta ella at dymaxion.org
Tue Jun 17 06:04:19 PDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2014.06.14 22.31, Trevor Perrin wrote:
> Some e2e messaging protocols make use of Tor Hidden Services.
> It's interesting to think about what value this adds:
> 
> In Cables [1] and the (work-in-progress) SMTorP [2], recipients
> can run their own Tor Hidden Service.  So if you're online,
> messages can be delivered directly to you without needing a mailbox
> server.

In the past, we've talked about having an optional untrusted proxy
within SMTorP, either for sending or receiving, mostly to deal with
the purely practical problem of both users not being online at the
same time.  Our preference had been to use the proxy on the sending side,
as that way the sender can see when their message actually reached the
receiver's mailpile, which we feel broadly maps to existing user
expectations with respect to email behavior.  A receive proxy is also
possible, which would hide user online state (assuming it's running on
a VPS), but would also alter system behavior in a way which may be
undesirable otherwise.

The goal with SMTorP is to provide as much unlinkability as possible
without requiring significant new infrastructure.  The mapping between
a hidden service address and a conventional email address is not
intended to be private, and thus a sufficiently capable observer will
be able to determine when that user receives mail (and, barring a
receive proxy, when they're online, if they test actively), but not
necessarily which user sent the mail.  This is not perfect, but it's a
significant improvement over the status quo, and it retains the
ability to use email for near-realtime alerting (think Nagios) and
similar functions for which email is used by real users.  This maps to
the overall mailpile goal of improving email security as much as
possible within the context of a modern mail client that meets user
expectations about how email works and interoperates gracefully with
existing global infrastructure.

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlOgPNMACgkQQwkE2RkM0wrLTQD+OWitLyZDnbXN6Gx0kudjPFqz
ICIK6awuPZSQ0JsuRs0BAJKqWIkN902/5s9ZTxBVvZNbeiC1llrZtbt6kBkVpj0z
=1gk7
-----END PGP SIGNATURE-----

