Open cofob opened 3 years ago
This is a pretty good idea and I had been thinking of something similar. Just not sure if it will fracture the experience if people use different DNS (e.g. some people use ALFIS, others use internet DNS, or have no DNS connectivity at all).
Now, I'm no expert in ygg, so correct me if I'm wrong here. If on my example.com I add a ygg AAAA record (starting with 0200), isn't that enough for yggmail to already be able to do the task? After all, ygg manages to encrypt and route packages based purely on IP, so yggmail should be able to extract the public key from a running node too.
You need yggdrasil to use it, I don't think that the people who use it do not distinguish between different DNS.
This will allow you to more flexibly customize your mailbox (and not all domains have a yggdrasil address, or there may be several of them). You can make yggmail look at the TXT record first, only then at AAAA.
There are some security concerns though. If someone sends mail, for example to neil@yggmail, and uses a faulty DNS server, it can get an attacker's address and send mail to an attacker instead of Neil. The better way is to use addresses like neil.ygg@yggmail, using full domains from ALFIS' zones. Then if yggmail sees that the address is not a public key and has one of ALFIS's zone endings, it tries to resolve that domain's TXT record. I think the record should be for a subdomain like yggmail.neil.ygg.
I suggested addresses like neil@ygg (neil.ygg), neil@com (neil.com).
How will the DNS server resolve such addresses?
Before resolving, the back-end will parse such an address into domain.tld, request a public key from the DNS, and then send an email to public_key@yggmail.
most apps don't work with tld
Perhaps we misunderstood each other. .tld is a placeholder for a first-level domain like .ru, .us, .com (top-level domain).
My point is that most apps don't work with a domain like hash@yggmail.
Yes, I was unable to use my usual mail clients, because they didn't accept the mail address. The only one that worked for me was thunderbird.
Can you please qualify which apps don’t? Everything I have tested has so far been fine (including Apple Mail, iOS Mail.app, Thunderbird, mutt and Evolution).
Mailspring and KMail didn't accept the email.
Mutt didn't like the non-existent encryption (this may have been a configuration issue on my side).
DeltaChat and KMail: "Wrong mail address"
Mutt definitely worked when I set it up. If KMail and Mailspring have issues with the address format then we should probably raise issues on their respective bug trackers, since the email addresses are valid as per RFC 5322.
How did you prevent Mutt from trying to use TLS for the SMTP server?
I already used the smtp:// format instead of the ssmtp:// one.
Something like this in .muttrc:
set folder = "imap://localhost:1143"
set imap_user = "<username>"
set imap_pass = "<password>"
set smtp_url = "smtp://localhost:1025"
set smtp_pass = "<username>"
set ssl_starttls = no
set ssl_force_tls = no
set from = "<mailaddr>"
set realname = "<name>"
I tried it with this config and either get "SASL authentication failed" if I use something like smtp://HASH@yggmail@localhost:1025, or "SMTP session failed: 502 5.7.0 Not expecting anonymous connection on internal backend" when configuring it via the example above. But this seems to be getting off topic.
Maybe it would be better to allow multiple inboxes on one node and use more conventional addresses like inbox@public_key.yggmail and inbox@domain.tld. This would be more compatible, more flexible, and could make it possible to have one address for both yggmail and standard email.
Or maybe support only one inbox per node but accept any name before '@'. This way emails sent to both name1@key.yggmail and name2@key.yggmail will go to the same inbox, but different names could be used to help filtering and categorization of mails.
Also in this case an option to restrict allowed names will be useful for basic spam protection: to send mail, the complete address must be known, not just the public key, so it won't work for spammers to try to send mails to every node discovered on the network.
Is your feature request related to a problem? Please describe.
In the current version of yggmail, it is quite difficult to remember or share addresses like e8a6d1decc5c53b657bf57c546b894c7f07bcebf9a1bcc09de00d7a03d7e5366@yggmail.

Describe the solution you'd like
It is possible to use ALFIS (or any other DNS) to solve this problem. You can add a TXT record to _yggmail.domain.tld containing the yggmail public key. When sending a message to domain@tld, yggmail will extract the public key from the DNS, and send the message to the {public key}@yggmail.