
Silent Circle and Lavabit design new end-to-end encrypted email protocol - wtbob
http://darkmail.info/?year-later
======
dang
Discussion from yesterday:
[https://news.ycombinator.com/item?id=8816806](https://news.ycombinator.com/item?id=8816806).

~~~
wtbob
Doh! I didn't see it then. Sorry for the repost.

------
dcposch
Interesting, and of course I love the mission. They are trying to move beyond
PGP and protect metadata (who talks to whom) instead of just content.

The spec strikes me as complex. Why are there three modes (Trustful, Cautious,
and Paranoid)? Why is there a Cryptocurrency field and a Motto field?

~~~
undefined0
> Why are there three modes

I don't understand this too. If you set the mode to paranoid, this gives the
NSA metadata that you're trying to hide something from them and then the NSA
will archive all of the paranoid emails as they currently archive OTR
messages, in the hopes that one day they can decrypt them. There needs to be
just one mode, private by default - unless their specification is designed in
a way to make the NSA unable to detect which mode a user has enabled?

~~~
torrance
From my brief reading of the spec, the three modes are mostly just a matter of
where the keys are generated and stored. I think the messages themselves are
indifferent to the mode (and therefore intermediaries can't determine between
the three).

------
higherpurpose
I haven't gone through the whole paper yet, but other than showing up on the
site (which hasn't been updated for a year until two days ago), and in an
initial talk a year ago, I don't see the Silent Circle guys mentioned anywhere
else.

What have they actually contributed to this project? I get the feeling they
wanted to do something together, but then they probably got busy with their
own Silent Circle + Blackphone + moving to Switzerland, and they might've had
some slight disagreements on what DIME should look like as well, and then it
was all up to Ladar Levison and someone he hired to work it all out.

------
harigov
It's good that someone is looking into making the most important electronic
communication mechanism secure. Making email secure without figuring out a way
to make the architecture spam-proof would probably end up in a situation where
people would be forced to open up their email contents to someone, thus adding
a privacy loophole. Or it might end up with ton of spam similar to usenet,
which essentially makes it unusable. Also, why would one want to name
something "Dark Mail" which has some negative connotation to that.

