On 3 Jun 2015, at 10:49, James B. Byrne wrote:
On Wed, June 3, 2015 10:41, Bill Cole wrote:
Note that if you want maximal protection for both message metadata
(headers and SMTP envelope) and content both in transit and after
delivery, you have a very large problem space that has ultimately
frustrated some very smart people, including Phil Zimmermann (the
original author of PGP) who recently started to try to create a fully
secure email service and gave up on it as impossible.
I had not read that the Dark Mail project was dead or that Zimmermann
had left it. Where can this information be found?
The Dark Mail project is aimed at replacing the existing email
environment with one that can be secured. It's the follow-on to Lavabit
shutting down their service and Silent Circle (Zimmermann's company)
shutting down the existing Silent Mail service. Google is failing me at
the moment at finding Zimmermann personally stating that email can't be
secured (I have a clear recollection of *hearing* him say it but I'm not
finding that anywhere likely...) but there is this post at the SC blog:
https://silentcircle.wordpress.com/2013/08/16/why-cant-email-be-secure/
Dark Mail is being specified and built on an almost clean slate. Some of
DMTP smells like SMTP, but it is not a compatible protocol. It is
designed to co-exist on port 25, but the first thing a DMTP client does
when it sees DMTP support in the greeting banner is incompatible with
SMTP. Similarly, DMAP is expected to be like IMAP but it won't do all
that IMAP does and will also be used for submission, so it has to be
substantially different. The message format (D/MIME) is a derivative of
the rightly unloved RFC822, but it includes layered encryption of header
and envelope chunks to limit access to specific metadata to the
participant entities who actually need it. In the end, each every
component of the Dark Mail environment is a replacement of the analogous
component in the existing Internet mail environment, avoiding the
inherent insecurities of its ancestor. Dark Mail will not make the
existing Internet mail environment secure, it is intended to replace the
whole environment.
