purism / purist

Purist Services
GNU General Public License v3.0

Encrypted Email #5

Open toddatpurism opened 8 years ago

toddatpurism commented 8 years ago

Create an encrypted email service.

Initially this should be email + secure auth + built-in-encryption

Later it would be great to have this become a full encryption communication, with sane fall-back to notify the user that their email must be upgraded to communicate encrypted.

joeyh-purism commented 8 years ago

todd expanded on this as follows by email:

0) propose an email standard that allows encryption by default
1) send fully encrypted by default, unless it is not supported (yes initially it will be only to/from @puri.st)
2) send a fallback generic plaintext email explaining to get encryption

    TO: user@gmail.com
    FROM: some-reply-address-ff00bbccaadd@puri.st
    SUBJECT: A person wants to communicate securely with you
    BODY: But you don't support encryption. Please request to add it, or get it.

3) offer to the sender to send the unencrypted contents via plaintext

This approach might get us to bridge the gap to have email become encrypted by standard, with an acceptable fallback.

joeyh-purism commented 8 years ago

There are several attempts to implement #0 currently, notably the Dark Mail Alliance which I see has a client and a server now. So that is well under way.

#1, #2 make sense for outgoing email.

Incoming email is probably the most difficult part. We can't check if an incoming email is encrypted until we've received it, and at that point we have an un-encrypted email touching our server. And the receiver has no control over whether their bank, etc. sends unencrypted email, and would not want such important emails to be rejected.

joeyh-purism commented 8 years ago

We can give users an email client that tries to find a key to encrypt all the emails it sends. But, if the user chooses to use a different email client with our email server, we again can't tell if a message they're sending is encrypted before it reaches our server. So again we risk un-encrypted email touching our server.

Also, users will probably need to send email to entities that refuse to use gpg or have not yet learned how to use it.

So, there's probably no perfect solution for encrypted email. But, we can make it as easy as possible to have it be secure by default.
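The check discussed in the comments above, whether a message is encrypted, can only run on a message the server already holds. The following is an added example, not code from the Purism project or from any commenter: it classifies a received message as PGP/MIME (RFC 3156), S/MIME enveloped data, inline PGP, or plaintext. The function names, the "flag, never reject" policy string, and the sample messages are assumptions constructed for illustration.

```python
# Added example (not from the issue thread): classify mail the server has already received.
from email import message_from_bytes, policy

ARMOR = "-----BEGIN PGP MESSAGE-----"

def classify(raw: bytes) -> str:
    """Return 'pgp-mime', 'smime', 'pgp-inline' or 'plaintext' for a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    params = msg["Content-Type"].params if msg["Content-Type"] else {}
    # RFC 3156 PGP/MIME: the top-level container declares the encryption protocol.
    if (ctype == "multipart/encrypted"
            and params.get("protocol", "").lower() == "application/pgp-encrypted"):
        return "pgp-mime"
    # S/MIME: only enveloped data is encrypted; signed-data is still readable.
    if (ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime")
            and params.get("smime-type", "").lower()
            in ("enveloped-data", "authenveloped-data")):
        return "smime"
    # Inline PGP: every text part must be armored, else some content is in the clear.
    texts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    if texts and all(p.get_content().lstrip().startswith(ARMOR) for p in texts):
        return "pgp-inline"
    return "plaintext"

def incoming_action(raw: bytes) -> str:
    """Assumed policy: never reject plaintext (the bank case), only flag it."""
    return "deliver" if classify(raw) != "plaintext" else "deliver-flagged-unencrypted"

# Constructed sample messages (placeholders, no real ciphertext).
HDR = b"From: a@example.org\nTo: b@puri.st\nSubject: test\nMIME-Version: 1.0\n"
BLOB = b"-----BEGIN PGP MESSAGE-----\nplaceholder\n-----END PGP MESSAGE-----\n"
PGP_MIME = HDR + b"""Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

""" + BLOB + b"--b1--\n"
INLINE = HDR + b"Content-Type: text/plain\n\n" + BLOB
BANK = HDR + b"Content-Type: text/plain\n\nYour statement is ready.\n"
# One armored part plus one clear-text part: must count as plaintext.
MIXED = (HDR + b'Content-Type: multipart/mixed; boundary="b2"\n\n--b2\n'
         b"Content-Type: text/plain\n\n" + BLOB +
         b"--b2\nContent-Type: text/plain\n\nSent from my phone\n--b2--\n")

if __name__ == "__main__":
    for name, raw in [("PGP_MIME", PGP_MIME), ("INLINE", INLINE), ("BANK", BANK), ("MIXED", MIXED)]:
        print(name, classify(raw), incoming_action(raw))
```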