LadarLevison
Highest Rated Comments
LadarLevison77 karma
I wrote a detailed response for Ars. The short version is that Moxie missed the point. I designed Lavabit to work within the limits of existing mail protocols. I was also focused on building a system that wouldn't require any special knowledge to use.
Specifically Lavabit was designed to protect messages while they resided on Lavabit's servers. The goal was to remove Lavabit from the surveillance equation. The system didn't do anything to protect messages before they arrived or after they left Lavabit. A truly secure system, as Moxie defines it, will require a new set of protocols, servers to support, and clients to utilize it. That is the goal of the dark mail project.
http://arstechnica.com/security/2013/11/op-ed-lavabits-founder-responds-to-cryptographers-criticism/
http://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative
LadarLevison58 karma
Yes, you will be able to use Outlook and Thunderbird although exactly how they'll be supported is still up for debate. It's worth noting my current plan will be to release a fork of Thunderbird with builtin support for dark mail. But if you like your current client, then what?
One option is that we'll simply build dark mail plugins for Outlook and Thunderbird. We'll probably support at least these clients via plugins.
For other MUAs were thinking about releasing a dark mail proxy that you can run on your local machine. The proxy will connect out to the service provider and speak the secure dark mail protocol. Then provide Outlook, Thunderbird, Elm, Mutt, Pine, Eudora, or any other legacy MUA access via the loopback adapther using the traditional protocols, aka POP/IMAP + SMTP.
LadarLevison78 karma
If Grandma is on a dark mail domain, the message will travel securely to her.
If Grandma is on an insecure domain (aka a domain that doesn't support dark mail) your email client will indicate that your sending an insecure email using bright colors. In that scenario the message will travel naked, over SMTP, with nothing but SSL to protect it.
View HistoryShare Link