
Dark Mail Technical Alliance - happyman
http://darkmail.info/home.html
======
dang
[https://news.ycombinator.com/item?id=8816806](https://news.ycombinator.com/item?id=8816806)

[https://news.ycombinator.com/item?id=8821847](https://news.ycombinator.com/item?id=8821847)

------
substack
The proposal for forward secrecy in the spec
([https://darkmail.info/downloads/dark-internet-mail-
environme...](https://darkmail.info/downloads/dark-internet-mail-environment-
december-2014.pdf)) is not great and does not reflect the current state of the
art:

> PFS for message objects, as the description above suggests, is far more
> difficult, and contrary to the nature of email.

It recommends just rotating public keys every few days with a paranoid mode. A
much better solution is to implement the Axolotl Ratchet pioneered by Open
Whisper Systems for TechSecure:

[https://www.whispersystems.org/blog/advanced-
ratcheting/](https://www.whispersystems.org/blog/advanced-ratcheting/)

[https://github.com/trevp/axolotl/wiki](https://github.com/trevp/axolotl/wiki)

With Axolotl Ratchet, you get:

* forward secrecy - disclosure of private keys doesn't let an attacker in the future go back and read encrypted communication

* future secrecy - disclosure of ephemeral private keys doesn't disclose (much) future content

I also get the feeling from a glance reading the spec that way too much trust
is being placed on service providers. That there is even such a category as
"trustful" where the server has access to your private keys is a huge red flag
and that was exactly the problem with lavabit:
[http://www.thoughtcrime.org/blog/lavabit-
critique/](http://www.thoughtcrime.org/blog/lavabit-critique/)

~~~
higherpurpose
Adam Langley's Pond uses it, but I don't know why there hasn't been any
progress on that lately. Is the Pond design just too complex/difficult to
implement with a good UI, or just because of his lack of time?

[https://pond.imperialviolet.org/](https://pond.imperialviolet.org/)

------
iagooar
Is "Dark Mail" going to be the official name? I am no marketing expert, but I
am pretty sure it's not a good name. People associate darkness with negative
feelings, thus a lot of people might start thinking that encryption is for
hiding "illegal" things, and not for keeping privacy.

And please, don't even try using the silly X.0 naming, as some tech-ignorant
journalists started doing over a decade ago.

Besides the naming thing, I wish them the best, as I hope that this will
spread and become a new standard, even with the masses.

~~~
higherpurpose
No, I think DIME is. They should've changed the site name as well.

------
ajb
3 of 5 comments so far mentioning that the name is a mistake. Allow me to make
that 4 of 6. Come on guys, authoritarians are going to argue that this is just
about defending criminals and terrorists, do you want to make that argument
for them? Call it 'Liberty mail' or something.

~~~
1337biz
Let me enhance the argument Joe Shmoe: "I recently read that dark net users
are 90% pedophiles. So is this an email service for pedophiles only?"

~~~
Havvy
Why are people downvoting this? He's not making the argument, just explaining
that people will put up this strawman.

------
zaroth
The spec is pretty intense, I think the first thing to work on is better high
level documentation and overview. There is a lot going on with how this
proposed system formats, encrypts, signs, routes, and validates.

I've only glanced over less than half of the spec so far, but I'm not
convinced of the design just yet. For starters, I'm not sure I fully
understand the trust model, or even the baseline limitations on things like
one-to-many emails, key exchange, PFS. Before jumping straight into packet
formats and field layouts, I want to read more about the basic operational
model.

~~~
woah
Why is it so complicated? Seems unnecessarily byzantine.

------
bitL
Call it just email3, new version number can be hyped to regular Joe customers
as being newer, therefore better.

~~~
XorNot
This is a good one. Email3 sounds good. It shortens well - E3 message. The
optics here are kind of important.

EDIT: Nanjing prices? Seriously Google autocorrect?

~~~
krapp
People are going to wonder what happened to "Email2" though.

~~~
lez
Email2 was gmail :)

------
chhantyal
I watched Citizenfour yesterday and one of the really disturbing parts of
movie was Lavabit founder talking at European Parliament about why he had to
shut it down. I am glad that something good is coming up.

But can we please change name from 'dark' to something like 'secure, encrypted
etc'? Dark inherently sounds negative, at least in my part of the world.

~~~
spacefight
He had to shut it down - but as far as I remember, they got the SSL key
anyway. None can tell me that providing it in a font size of 4pt would have
stopped them. I think that typing 2560 chars is not that hard.

------
okasaki
I don't think email encryption will ever be more widespread than it is today.
People simply don't care, and even those few that can be convinced to use it
will invariably do something that invalidates the whole exercise like bring
their key to a public library, use it on their phone, resend the entire
conversation in plain text accidentally, lose the key and generate a new one
with you having no way to verify that it's not actually mitm, etc. All of this
has happened to me.

~~~
toyg
> People simply don't care

that's because they think email is _already_ private. They don't understand
that it's the electronic equivalent of printing their conversations on
billboards and hope nobody will actually look at them. As soon as you
demonstrate with a simple sniffer, they are outraged.

We just need "Firesheep for email" and then demand for privacy will explode.

~~~
eddieroger
Even after the Sony hack, people don't realize things like their work email
isn't really theirs, or email isn't private. If that wasn't a good enough
catalyst, I can't imagine what it will take to cross this threshold.

------
sobkas
So who will be able to use this wonderful protocol? Because I don't think it
will be available on gmail(or any other big provider). How it isn't going to
end like a pgp right now, when I can sent encrypted emails only to myself,
because no one in my circle uses encryption?

~~~
josho
I think you are pretty close to getting it right. This spec is Dead on
Arrival. This spec will never get traction in a large corporate environment.
Primarily because the business has a need to monitor and archive employee
emails. As a result no large corporation will ever adopt end to end encrypted
email as a standard.

While in the consumer arena Gmail and other ad / user profile supported
business' will never adopt this as it limits their access to valuable user
data.

------
lottin
I'd love that e-mail encryption became widespread, but I'm doubtful that it'll
ever happen. I think keeping private keys private may prove to be an
impossible task. Systems are too insecure. Even security experts may fall
victim to sophisticated attacks. Let alone the other 99.9% who are not
security experts.

~~~
adrianN
Any security measure you take can only make attacks harder. If you have a
really determined adversary nothing will protect you forever. Compared to the
current status quo e-mail encryption even if the private keys are only kept
moderately private would be a huge improvement.

------
mrmondo
I truly wish them all the best with this project. It would be a momentous win
for privacy to have email encrypted by default and easy enough for the general
public to use and that is no easy task. Will be interesting to see how this
plays out and if they can get some quality email companies like Fastmail
onboard early on.

------
jabgrabdthrow
Stop calling privacy-conscious software "dark". You are hurting your cause.

------
mrmondo
I'd rename it 'Trustmail'

~~~
a3n
I wouldn't trust anything with the word 'trust' in it. My assumption is that
if you have to put some quality in a name (like, say, QualityCircle), then the
name is about all of that quality there is in the product.

------
sandstrom
As others have mentioned, I think a new name is necessary. It wouldn't be fair
to the project to handicap it with such as name.

Name it after Voltaire, John Stuart Mill, Locke or similar.

Interestingly, a previous HN discussion also suggested a name change:
[https://news.ycombinator.com/item?id=8157922](https://news.ycombinator.com/item?id=8157922)

(The abbreviation DIME, Dark Internet Mail Environment, sometimes mentioned is
also terrible. Hiding 'dark' with an abbreviation isn't enough)

------
getsat
.info domain, SSL cert but no HSTS, email list subscription posts to non-SSL
endpoint, empty forums. Is this real? WHOIS info appears real and it's over a
year old, but still...

------
mike-cardwell
Who cares what the name is? End users aren't going to see it anyway...
Bittorrent has a completely neutral name, yet it didn't stop it from getting a
bad rep with people who don't know better, and that bad rep hasn't stopped it
from being hugely successful.

The chances of this project succeeding or failing has nothing to do with the
name. There are much bigger barriers which they need to overcome.

------
sasas
HTTPS appears available [1], interesting that they don't force a redirect.

[1] [http://darkmail.info](http://darkmail.info)

~~~
higherpurpose
It seems EFF's HTTPS Everywhere is not picking it up.

------
comboy
I appreciate detailed spec, but it would be nice to have some TL;DR version of
how is this supposed to work.

I do like putting names on the front page though.

------
Rapzid
Freedom Mail.

~~~
jacquesm
Is that like 'Freedom Fries'?

~~~
Rapzid
Exactly like Freedom Fries. With less starch.

No reason not to use the same tactics the government uses. Patriot Act? Ha.
This frames any attempts to thwart the security by the government as anti-
freedom. The "liberty mail" recommendation in here was good too :D

~~~
juliangregorian
In that case why not go big, "Counter-terrorism Mail", or "Homeland Security
Mail".

------
xiaoma
Safe Mail

------
erlend_sh
For the love of all that is holy, please use _any_ forum software other than
phpBB. We have Discourse, NodeBB and Vanilla forum now.

------
Aissen
Would be nice to publish the spec in HTML form instead of pdf, for ease of
readability.

