[messaging] Axolotl for email

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 9 13:24:52 PDT 2016


On Thu 2016-06-09 15:15:35 -0400, Vincent Breitmoser wrote:
>> b) synchronizing the complex and changing keystore (pairwise state
>>    between all correspondents) between multiple e-mail clients, since
>>    many people use multiple MUAs to access a single mailbox
>
> The obvious place to put the data is the mailbox. Mail servers via imap
> are pretty okay at synchronizing immutable blobs of data, so it should
> be possible technically to achieve synchronized state among all MUAs.
> We can also get confidentiality and integrity for this data with a
> secret shared in all MUAs, like the user's pgp key.
>
> But I think there's a catch: We can never reliably *delete* data from
> the server. This essentially breaks the properties we gain from key
> erasure ("forward secrecy") in the first place. That's a huge problem,
> and I'm not sure there is a way to work around it. At least not if we
> want to be able to read mails from a session established by one MUA in
> another.

I had the same thoughts, which is why i didn't propose syncing it via
IMAP -- it seems like a mistake to move the key storage to the same
server that we're trying to defend against, which is why i see it as a
serious challenge if we want this to be a useful improvement over
existing e-mail security features.

:/

Simplest is to start by assuming that this is a one-MUA-per-account
setup for the initial implementation.

as a strawman: what about an OMEMO- or axolotl-protected pairwise chat
conversation between MUAs on a single account, using IMAP as the
transport, where each MUA sends the other MUA updates as messaging
progresses?

happy to hear other suggestions,

            --dkg


More information about the Messaging mailing list