Autor: William Waites Datum: To: tails-dev Betreff: Re: [Tails-dev] Thoughts on reading mail
On Tue, 10 Jun 2014 13:03:57 +0200
intrigeri <intrigeri@???> wrote:
> I doubt we would ever have included Mutt... More software means more
> maintenance work, a potentially larger attack surface, and more
> anonymity/privacy concerns to take care of. IMO, we should drop Mutt
> at some point. But feel free to add it to your
> live-additional-software.conf file :)
Fair enough. Actually at that point I'd probably go back to my odd
habit of using emacs for mail -- I'm probably not really your target
user here!
> If interested, then I encourage you to look into Torbirdy, and ensure
> that it does a good enough job in this area: this will help us migrate
> ASAP, and provide a better email user story :)
Had a brief look. Torbirdy itself seems to just manage a bunch of
preferences and sets them to better values. One questionable practice
is using 127.0.0.1 for HELO/EHLO. This is strictly valid according to
the RFC but against the spirit (which is meant to identify the
sending host). I suspect some SMTP servers would reject this.
There are patches to the C++ program that introduce some of the
settings that Torbirdy uses and also changes the behaviour of the
message ID and date header generation. Doesn't touch X-Mailer though.
For various reasons -- mostly metadata collection -- the way we do
email needs to be re-thought, and using tor is only part of the answer.
The onionmail message the other day is interesting in this regard but
it doesn't document very well what the protocol is like between mail
relays. In general I think there is too much focus on tor here and mail
should be thought of in a transport-independent way. Like MIME-nested
encrypted RFC822 messages, layered similarly to how tor does it. Then
use tor or not to talk amongst relays according to taste. To do it
right it would need some helpers in the MUA. It would be interesting
to nail down how this would work, and could possibly be done with an
extension like Torbirdy. But this is probably a little out of scope for
Tails as such at the moment.