TiagoTiago
August 15, 2013, 05:39:22 AM |
|
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place? You'd have to negotiate that beforehand. Isn't there something like OTR but for email?
With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?
I mean something where the two ends negotiate an encryption over unsecure lines in a secure manner; while providing the option to fall back to plain text if the other side refuses to go secure.
Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
With GPG/PGP the email client has no clue whether the receiver has or hasn't means to read encrypted data until the user tells it...
Okay I see what you mean. Unfortunately building a system like you mentioned requires a 'failsafe' for decrypting the message then sending plaintext if encrypted message can't be decrypted by the receiving party, an inherently insecure action. OTR cannot do this either, so curious as to why you 'said similar to OTR for email' but then responded as you did?
Last I checked (not recently) OTR did indeed allow you the option of using plain-text if the other party didn't have OTR
|
jedunnigan
August 15, 2013, 06:01:17 AM |
|
Given that you have to use someone's key to encrypt a message, it would be safe to assume they had software to generate and handle said key.
But how would you know if they have a key in the first place? You'd have to negotiate that beforehand. Isn't there something like OTR but for email?
With a Diffie-Hellman agreement specifically? Or are you talking about GPG/PGP?
I mean something where the two ends negotiate an encryption over unsecure lines in a secure manner; while providing the option to fall back to plain text if the other side refuses to go secure.
Yea for email GPG/PGP. For IM OTR, for VOIP ZRTP.
With GPG/PGP the email client has no clue whether the receiver has or hasn't means to read encrypted data until the user tells it...
Okay I see what you mean. Unfortunately building a system like you mentioned requires a 'failsafe' for decrypting the message then sending plaintext if encrypted message can't be decrypted by the receiving party, an inherently insecure action. OTR cannot do this either, so curious as to why you 'said similar to OTR for email' but then responded as you did?
Last I checked (not recently) OTR did indeed allow you the option of using plain-text if the other party didn't have OTR
Disabling your OTR or telling it to resort to plaintext if encryption is not available is a feature, yes. In the latter scenario OTR first sends a key message, and if they get no response the user can decide what the default option is (retry key exchange or send plaintext). This is dependent on immediate communication between the two recipients. This would only be possible via email if the person sending the email sent it encrypted, then got a response from the recipient that they don't accept said encryption and then a plain text message will be sent. If you mean can the user send two messages at once, one encrypted, the other not, both in one larger encrypted container, the outer shell of which can be decrypted by the recipient without a special plugin and not seen by an attacker... I don't know if that is possible.
|
justusranvier
August 15, 2013, 07:09:40 AM |
|
|
jedunnigan
August 15, 2013, 07:13:53 AM |
|
Yes. Note: Facebook will still log all the messages, and because it is OTR the encryption is fairly weak... even if the keys constantly change. Obviously the plausible deniability/log tampering argument might hold up in a court room, but please don't say anything on that platform you wouldn't want Facebook or LEA reading.
|
justusranvier
August 15, 2013, 07:17:25 AM |
|
I see it as an incremental step. It's hard to get people to change at all, but it's less hard to convince them to add some protection to their existing communication medium than it is to convince them to adopt an entirely new platform.
|
justusranvier
August 17, 2013, 04:57:14 PM |
|
It's hard to explain, but their web site is subtly wrong in a way that makes me not trust the site or the company behind it.
|
LordMeowMeow
August 17, 2013, 05:28:57 PM |
|
I think running your own mail server for emails is a good
Yes I think that might be a good option. I'll duckduckgo some good tutorials on this.
|
jedunnigan
August 17, 2013, 06:32:33 PM |
|
They are Swiss based. Have you seen Switzerland's privacy laws? no good mate If you aren't looking to use GPG there are very few (if any) mail providers that can promise to keep your emails safe. Depends on what you are looking for, really.
|
Lauda
August 17, 2013, 06:36:55 PM |
|
Wait for the Kim Dotcom solution?
|
wolverine.ks
August 17, 2013, 06:39:56 PM |
|
Wait for the Kim Dotcom solution?
that may be a temporary solution, but hosting your own server is more likely the long term solution. additionally, there is Bitmessage, a distributed email protocol, similar to Bitcoin in some respects.
|
2dogs
August 17, 2013, 07:32:00 PM |
|
Wait for the Kim Dotcom solution?
that may be a temporary solution, but hosting your own server is more likely the long term solution. additionally, there is Bitmessage, a distributed email protocol, similar to Bitcoin in some respects.
any suggestions for hosting your own server?
|
wolverine.ks
August 17, 2013, 08:56:59 PM |
|
i haven't done much research into hosting my own server. i use a combination of Gmail and Bitmessage depending on who I'm talking to. I'm really excited about MailPile though. The project is run by 3 developers, 1 from Google, 1 a member of the Icelandic Pirate Party, and 1 open source user interface developer. It's still in the works, but should be useable in 6-12 months. You can follow their progress and look up details here. http://www.mailpile.is/
|
Ente
August 17, 2013, 09:04:15 PM |
|
About hosting your own mailserver: Technically, this is pretty easy. Probably the easiest way would be to get a somewhat decent NAS, as they nowadays have all software ready-to-go, and just use a few tens of watts.
But, would my ente123.com mailserver be accepted by other, regular mailservers? No blacklisting or the like? At least webservers who are open (send mails without registering) or sending spam will quickly be blacklisted. So, I guess, it's as simple as installing a mailserver daemon, registering any domain and having a static IP (or dyn-dns)?
Ente
|
Lauda
August 18, 2013, 01:39:18 AM |
|
Wait for the Kim Dotcom solution?
that may be a temporary solution, but hosting your own server is more likely the long term solution. additionally, there is Bitmessage, a distributed email protocol, similar to Bitcoin in some respects.
I don't think it will be temporary.. after all he's been through he wants to stick it up to the gov now, he'll find a way to make it permanent.
|
dserrano5
August 18, 2013, 01:59:37 AM |
|
But, would my ente123.com mailserver be accepted by other, regular mailservers? No blacklisting or the like? At least webservers who are open (send mails without registering) or sending spam will quickly be blacklisted. So, I guess, it's as simple as installing a mailserver daemon, registering any domain and having a static IP (or dyn-dns)?
I've had some issues sending mail from my domain dserrano5.es to localbitcoins: And that google.com page reads: Why has Gmail blocked my messages?
Here at Gmail, we work very hard to fight spam [...] There are some additional spam-related steps you should take to improve the trust others will have in your domain.
|
dave3
August 18, 2013, 07:47:00 AM |
|
It's nice to run your own mail server, but you've got to set it up properly or you'll have problems getting your mail delivered.
Make sure reverse DNS is set on the mail server IP address, and set up SPF records and DKIM.
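The three checks listed in the post above (reverse DNS, SPF, DKIM), as an added example that is not part of the original thread: a pre-flight check run over constructed DNS data. The domain example.org, the selector sel1, the addresses and all function names are assumptions, and the SPF evaluator covers only the mx, a, ip4, ip6 and all mechanisms.

```python
import ipaddress

# Constructed DNS data for a hypothetical domain (documentation IP ranges).
ZONE = {
    ("example.org", "TXT"): ["v=spf1 mx ip4:203.0.113.0/28 -all"],
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["203.0.113.5"],
    ("5.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("sel1._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"],
}
QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype, zone=ZONE):
    return zone.get((name.lower(), rtype), [])

def fcrdns_ok(ip, zone=ZONE):
    """Reverse DNS is set and the PTR host resolves back to the same IP."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return any(ip in lookup(h, "A", zone) for h in lookup(ptr, "PTR", zone))

def spf_result(domain, ip, zone=ZONE):
    """Evaluate an SPF subset (mx, a, ip4, ip6, all) for a sending IP."""
    recs = [t for t in lookup(domain, "TXT", zone) if t.startswith("v=spf1")]
    if len(recs) != 1:
        return "permerror" if recs else "none"
    for term in recs[0].split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUAL else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            hit = True
        elif name in ("ip4", "ip6"):
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hit = ip in lookup(arg or domain, "A", zone)
        elif name == "mx":
            hit = any(ip in lookup(m, "A", zone) for m in lookup(arg or domain, "MX", zone))
        else:
            return "permerror"  # include, redirect, etc. are outside this sketch
        if hit:
            return QUAL[qual]
    return "neutral"

def dkim_key_ok(selector, domain, zone=ZONE):
    """A DKIM key record exists for the selector and its p= tag is not empty (revoked)."""
    for txt in lookup(f"{selector}._domainkey.{domain}", "TXT", zone):
        tags = dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)
        if tags.get("v", "DKIM1") == "DKIM1" and tags.get("p"):
            return True
    return False

def preflight(domain, ip, selector, zone=ZONE):
    return {"rdns": fcrdns_ok(ip, zone), "spf": spf_result(domain, ip, zone),
            "dkim": dkim_key_ok(selector, domain, zone)}
```

A sending address that is missing from the SPF record or has no matching PTR shows up as `spf: fail` or `rdns: False`, the kind of result that gets mail from a new self-hosted server rejected.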
|
The 4ner
aka newbitcoinqtuser
August 18, 2013, 04:45:46 PM |
|
i haven't done much research into hosting my own server. i use a combination of Gmail and Bitmessage depending on who I'm talking to. I'm really excited about MailPile though. The project is run by 3 developers, 1 from Google, 1 a member of the Icelandic Pirate Party, and 1 open source user interface developer. It's still in the works, but should be useable in 6-12 months. You can follow their progress and look up details here. http://www.mailpile.is/
The fact that Mailpile consists of a Google developer already makes me nervous to use Mailpile.