Lavabit was Edward Snowden’s email provider, and it’s definitely talked about in the past tense; founder Ladar Levison closed up shop rather than knuckle under to an order to give up its private SSL keys. Silent Circle founder Phil Zimmerman is the author of Pretty Good Privacy (PGP), an open source email encryption system which earned him a federal investigation for violating munitions export laws when it was mirrored internationally.
Both men have faced down the U.S. Government, and both are visionaries. When they make an announcement, like the creation of the Dark Mail Technical Alliance, everyone in the fields of cryptography and privacy pays close attention. The DMTA has been formed to bring the proposed Dark Internet Mail Environment (pdf) from concept to a broadly adopted standard, and they are well on their way to accomplishing this goal.
Also read: How You Can Still Avoid And Thwart The NSA
Darkmail: Not Just A Press Release
We face a flood of press releases on a daily basis claiming paradigm changing advances, but darkmail.info provides information on the Dark Internet Mail Environment in the form of a 107 page specification. Page fifteen of this document defines some allcaps keywords that are immediately recognizable to technical experts:
“The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, AND “OPTIONAL” as used in the context of this document are to be interpreted as described below.”
The many standards and systems that make up the internet are defined by the Internet Engineering Task Force’s Request For Comment process. The very first RFC was published on April 7th, 1969, the annual ritual of an April Fools RFC began in 1978, and the obituary of IANA administrator Jon Postel was published in 1998 as as RFC 2468, honoring his twenty nine years of service running the Internet Assigned Number Authority. There are over 7400 RFCs available, each of them uses this set of allcaps keywords, and they are the final word in how things should work.
That the DIME standard is RFC style text, but in a polished format, indicates just how quickly the alliance expects to move. They want the technological and business arrangements to happen in parallel, and to be done in the coming year.
We recently published Making Encrypted Email Usable, which offers information on easing your transition into PGP, but when the system’s original author proposes an alternative we should all pay close attention. The motivation for this move is probably best explained by pointing you to the blog of University of Maryland cryptographer Matt Green (@matthew_d_green). He offers a pointed view in What’s the matter with PGP?
It’s time for PGP to die. In the remainder of this post I’m going to explain why this is so, what it means for the future of email encryption, and some of the things we should do about it. Nothing I’m going to say here will surprise anyone who’s familiar with the technology — in fact, this will barely be a technical post. That’s because, fundamentally, most of the problems with email encryption aren’t hyper-technical problems. They’re still baked into the cake.
PGP was a marvel when it was released, but it’s been twenty-four years. If the problems the system face were completely resolvable they would have been resolved and we’d all be using it. Instead we see new messaging tools released every week that are either web based or mobile wrappers around standards based cryptography. The argument that we need backward compatibility has been completely disproven by what is happening in the real world.
What Does DIME Offer?
Today when you send an email using a mobile or desktop client it’s probably unencrypted, which means the full text of the message, as well as the author and recipient are visible on any system that handles it. If any one of your device, the recipient’s device, or either of your mail servers are vulnerable, then the whole message is exposed.
DIME solves this problem by building each message out of multiple encrypted compartments. When your client hands a message to your email server, the only thing your server can see is the destination domain. The destination mail server can see the recipient’s account name, but it only knows which server sent it. While in transit over the public internet, the place where the NSA now captures and indexes our email, the only information available for a DIME message are the source and destination domains.
PGP key management has been a miserable process, only somewhat improved by the tools we mentioned in Making Encrypted Mail Usable. What DIME offers is hard to characterize in a short article, but if you’re familiar with how chat clients handle Off The Record encryption, that’s probably a good way to envision DIME’s capabilities. All of those manual key exchange tasks with the potential for human error are streamlined, or simply automated and out of sight.
Ladar Levison, still smarting over the loss of Lavabit, takes aim in the opening dedication at the entity that cost him his company:
I would like to dedicate this project to the National Security Agency. For better or worse, good or evil, what follows would not have been created without you. Because sometimes upholding constitutional ideas just isn’t enough; sometimes you have to uphold the actual Constitution. May God bless these United States of America. May she once again become the land of the free and home of the brave.
The credentials of the founders are sterling, their motivations are crystal clear. The presence of a 107 page document using RFC style language, but well formatted and full of professional graphics, should help speed uptake among more than just the usual very technical audience for RFCs.
Images from Shutterstock.
San Bernadino iPhone Case: Major Press Agencies Are Suing the FBI
The Associated Press, Gannett, and VICE Media are suing the FBI to know more details about the agency’s hack of the San Bernadino killer’s iPhone.
Toward Unbreakable Quantum Encryption for Everyone
Hacked recently covered the efforts of the Chinese government to build unbreakable quantum communication networks. According to analysts, quantum communications networks are so expensive that they could have a “recentralizing effect,” enabling states to recover the ground that they have lost to decentralizing digital technologies. But what if ultra-secure quantum cryptography could be made available to everyone at low cost?
The Chinese Quantum Satellite QUESS: Toward Unbreakable Quantum Networks
One year ago Hacked covered the race between the US and China to develop “military super-powers” by harnessing quantum science, and noted that Chinese scientists were developing quantum communication satellites that support unbreakable encryption. A few weeks ago, China launched its first quantum satellite.
- Asian Market Update – Tuesday: Litecoin price skyr...
- Technical Analysis: Litecoin Continues Surge as Bi...
- Trade Recommendation: Stellar
- Trade Recommendation: Bitcoin Cash
- Bitcoin Plunges $2,000 on Eve of Futures Contract
- Monero Forges Ahead as Prices Cross $290
- Ethereum Flirts With Record Highs as Buterin Compa...
- Trade Recommendation: Bitcoin Cash December 12, 2017
- Is Bitcoin Stealing Gold’s Luster? December 12, 2017
- Asian Market Update – Tuesday: Litecoin price skyrockets despite creator’s warning; Asian stocks down December 12, 2017
- Is Bitcoin Driving Gold Prices Lower? December 12, 2017
- Monero Forges Ahead as Prices Cross $290 December 12, 2017
- Ethereum Flirts With Record Highs as Buterin Compares Crypto Surge to Salvator Mundi Auction December 12, 2017
- Altcoin Investing Strategy as Futures Hit the Market December 12, 2017
- Companies are Lining Up to Launch Bitcoin ETF, According to SEC December 12, 2017
- Technical Analysis: Litecoin Continues Surge as Bitcoin Tests Highs December 11, 2017
- Trade Recommendation: Ride ETN and EW on Breakout December 11, 2017
A part of CCN
Analysis1 week ago
Long-Term Cryptocurrency Analysis: A Major Top Could Be In
Altcoins1 week ago
IOTA Doing Big Things as Microsoft Partnership Announced
Analysis3 days ago
Long-Term Cryptocurrency Analysis: Look Out Below?
Recommendations4 days ago
Trade Recommendation: Litecoin
Cryptocurrencies1 week ago
Trade Recommendation: Neo
Analysis1 week ago
$100 Litecoin Looks Poised for Greater Upside
Cryptocurrencies1 week ago
Trade Recommendation: Zcash
Cryptocurrencies4 days ago
Trade Recommendation: Stellar