

T3mpmail: Temporary email, redefined - aronvox
https://www.t3mpmail.com

======
billyhoffman
How can T3mpmail tout its security/privacy and ask"Want to have a private
conversation without being snooped on?", when their SSL configuration allows
for non-Forward Secrecy key exchanges?

In other words, sniff their traffic, and if the server's private key is ever
compromised, then all the traffic ever captured can be decrypted.

In a post-Snowden world, starting any email service focused on security and
not using DHE or ECDHE is just silly and shows a lack of understanding about
your attack vectors.

(SSL Labs report, showing RSA key exchange support and no preference on cipher
suites
[https://www.ssllabs.com/ssltest/analyze.html?d=t3mpmail.com](https://www.ssllabs.com/ssltest/analyze.html?d=t3mpmail.com))

~~~
nherment
In a post snowden world, thinking email can be secure and talking about
client-server encryption shows a lack of understanding in the snowden
revelations.

Emails will be secure only whith a new protocol different than SMTP.

Edit: Sorry my post sounds agressive. It's not the goal. I'm sure you
understand the snowden revelation. However I don't think their goal is to
provide fully 'secure' email but only quick and anonymous email assuming it is
used with a system like Tor of course.

------
watermel0n
I upvoted because I like the simplicity of the website.

But I have to say that I would have preferred if your code was open source.
You state to use encryption and delete messages from your servers. Now I would
like to have some sort of "proofs" and there is nothing more realiable than
code.

My 2c.

~~~
aronvox
Thanks! We just got started, and I totally get your point. Right now we are
trying to figure if there is a commercial aspect to this. Our plan is to open
source the code eventually.

Note: We use AES for encoding our keys into redis, where we use redis timeouts
to clear out the data. Minimal postfix logging to ensure that we don't keep
track of emails.

------
wodenokoto
There is one button that does anything on that website and that button replies
to the one and only email in your temporary inbox. So ... How am I supposed to
use this for anything?

------
nherment
This is awesome. Those who complaint about encryption and security are
probably not your target users...

This is a great tool.

------
DudeKumar
It would have been helpful if you allow us to take a dump of our mails before
deleting everything.

~~~
aronvox
Nice idea! Thanks! Will add it to our to-do list :)

------
snapoutofit
There are a bunch of other services like this right?

~~~
aronvox
Yup there are a few of them out there. We were not sure about their security
and if they delete the conversations.So we created something which we feel is
more secure.

~~~
snapoutofit
Hmm, okay. Looks better than the others :).

