Slashdot Mirror


Silent Circle, Lavabit Unite For 'Dark Mail' Encrypted Email Project

angry tapir writes "Two privacy-focused email providers have launched the Dark Mail Alliance, a project to engineer an email system with robust defenses against spying. Silent Circle and Lavabit abruptly halted their encrypted email services in August, saying they could no longer guarantee email would remain private after court actions against Lavabit, reportedly an email provider for NSA leaker Edward Snowden."

7 of 195 comments

  1. Did the NSA just kill SMTP? by Defenestrar · · Score: 5, Interesting

    It's been around for what, 40 years? Working, (relatively) anonymous, and totally insecure mail transfer with tons of inertia. Never thought I'd see the day where there might be a small sliver of opportunity for another protocol to actually happen. Ars has a nice article about it too.

    1. Re:Did the NSA just kill SMTP? by Vanderhoth · · Score: 5, Insightful

      There is the added advantage that if everything is encrypted, and snoopers had to decrypt everything to find something of value, it would be a serious drain on their resources. On the flip side, if everything, except that which absolutely required encryption, was sent in an easily accessible format, then encrypted messages are a big red flag that says "Look at me I'm important!!", which allows snoopers to be selective about where they spend their resources. But that's just my take on it.

  2. Dump SSL / Certificate-based Security by Anonymous Coward · · Score: 5, Insightful

    The whole paradigm of certificate trust, and the fact that you just have to trust Root CAs, is a farcical model of security.

    We should all be aware by now that the Root CAs we all know and trust are compromised by NSA and that they can MITM any SSL connection they want at any time.

    Until we can move beyond this whole third party certificate trust issue, there will never, EVER be truly secure email.

  3. Thanks Snowden by Jakosa · · Score: 5, Interesting

    When I first saw the Snowden-film from Hong Kong I thought: "damn! he has forfeited his life and nobody will care." And now this! Not only has he shaken the political world-society, he has also aroused the tech-world and made it possible to make some major changes. Hope I will be running this new protocol by next year and be able to send super-secret Christmas-cards to the select few who are also using it!

  4. right from the white paper by imatter · · Score: 5, Insightful

    SCIMP provides strong encryption, perfect forward secrecy and message authentication. Further, we have incorporated many NIST-approved methods and protocols into its design including:

    • Elliptic Curve Diffie–Hellman (ECDH), NIST 800-56A
    • Counter with CBC-MAC (CCM), NIST 800-38C
    • Key Derivation, NIST 800-108
    • Secure Hash Standard, FIPS 180-4
    • Advanced Encryption Standard (AES), FIPS 197

    Does anyone else see a problem with the wording "NIST-approved methods and protocols?" NIST/NSA

  5. Re:Called it by Alain Williams · · Score: 5, Insightful

    Registrant Country:US

    I'd just feel a bit happier if the new effort was based somewhere other than the USA; somewhere a bit harder for the NSA to get its sticky paws into. I have in mind how the NSA screwed with IPSec. Mind you: discussion would have to be international, I am not sure how much harder it would make things for them if this was based in, say, Bolivia.

  6. Re:Called it by slashmydots · · Score: 5, Funny

    I knew you were going to post that.