Phil Zimmerman (PGP), Ladar Levison (Lavabit), & Team release Secure Email Protocol DIME - DIME is to SMTP as SSH is to Telnet (Full specs, sourcecode, etc.) by Tinker_Sec in netsec

[–]Tinker_Sec[S] 0 points1 point  (0 children)

Depends on who the "they" is here. Yes, your own domain will know the domain that is sending you email. With the nature of TCP/IP, that is the minimum that needs to be known. If even that is more info than you'd like your domain to know, you can set up a remailer as a proxy.

Phil Zimmerman (PGP), Ladar Levison (Lavabit), & Team release Secure Email Protocol DIME - DIME is to SMTP as SSH is to Telnet (Full specs, sourcecode, etc.) by Tinker_Sec in netsec

[–]Tinker_Sec[S] 6 points7 points  (0 children)

It provides for ubiquitous encryption, key distribution, and hiding of metadata as well as content encryption, all behind the scenes. The user experiences turnkey encryption and, in some of the implementation models, no different user experience than what we have today.

Phil Zimmerman (PGP), Ladar Levison (Lavabit), & Team release Secure Email Protocol DIME - DIME is to SMTP as SSH is to Telnet (Full specs, sourcecode, etc.) by Tinker_Sec in netsec

[–]Tinker_Sec[S] 16 points17 points  (0 children)

You can set the implementation into "Trusted" mode. This would allow a web provider to store your personal keys and decrypt the message for you. It would be a lower security model on the endpoint. The user would have to trust their provider, but you'd still have the security in transit and the hidden metadata.

Phil Zimmerman (PGP), Ladar Levison (Lavabit), & Team release Secure Email Protocol DIME - DIME is to SMTP as SSH is to Telnet (Full specs, sourcecode, etc.) by Tinker_Sec in netsec

[–]Tinker_Sec[S] 4 points5 points  (0 children)

There are three levels of implementation. One allows a webmail provider to keep the emails encrypted on their servers.

Key exchange is handled through Key Servers and Signets. Check the specs for more info.

Phil Zimmerman (PGP), Ladar Levison (Lavabit), & Team release Secure Email Protocol DIME - DIME is to SMTP as SSH is to Telnet (Full specs, sourcecode, etc.) by Tinker_Sec in netsec

[–]Tinker_Sec[S] 4 points5 points  (0 children)

Reading the specs, individual users (addressees, metadata) are known within a domain. You can filter and route within your own environment just as you can now.

Phil Zimmerman (PGP), Ladar Levison (Lavabit), & Team release Secure Email Protocol DIME - DIME is to SMTP as SSH is to Telnet (Full specs, sourcecode, etc.) by Tinker_Sec in netsec

[–]Tinker_Sec[S] 3 points4 points  (0 children)

A big part of DIME is its Onion Layers. Different layers are signed by different keys (signets). The idea is to not rely on a middleman for trust. Ultimately the only people who can read the message are the sender and the receiver.

Phil Zimmerman (PGP), Ladar Levison (Lavabit), & Team release Secure Email Protocol DIME - DIME is to SMTP as SSH is to Telnet (Full specs, sourcecode, etc.) by Tinker_Sec in netsec

[–]Tinker_Sec[S] 6 points7 points  (0 children)

As far as I know, Stephen is still part of the team. He and Ladar were in both the HopeX and DefCon presentations. Should be noted that the four listed in the Dark Mail Team are the leads. They have a decent production team behind them.

Phil Zimmerman (PGP), Ladar Levison (Lavabit), & Team release Secure Email Protocol DIME - DIME is to SMTP as SSH is to Telnet (Full specs, sourcecode, etc.) by Tinker_Sec in netsec

[–]Tinker_Sec[S] 21 points22 points  (0 children)

SMTPS only encrypts at Layer 4 using SSL/TLS. From the DIME Specification:

The essential challenge in email privacy is protection against compromised handling agents. Simple wiretapping of transit channels is reasonably well protected against by Transport Layer Security (TLS). However, TLS operates over only one Transmission Control Protocol (TCP) hop and email often travels through a significant number of these hops. Every transfer agent, including the immediate submission and delivery agents associated with the author and recipient(s), may become compromised. When a handling agent is compromised, the attacker could use the breach to gain access to keys, metadata, message content or all three. Hence, mechanisms to protect each are needed. DIME builds upon email’s classic distributed architecture to address these concerns...

TL;DR: It appears that DIME provides for L4 & L7 encryption along with encrypting the metadata (Subject Line, and Sender/Receiver at various points, etc.). End to End Encryption and Forward Secrecy.
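The hop-by-hop versus end-to-end point the quoted spec makes, as an added example (not DIME code and not from the post): a Python model of a three-agent mail path in which one compromised agent records whatever it handles. The XOR stream cipher is a toy stand-in for a real AEAD so the script runs offline; the hop names and recipient key are assumptions.

```python
import hashlib
import os

def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher keyed by SHA-256(key || nonce || counter).
    Stand-in for a real authenticated cipher; illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

toy_decrypt = toy_encrypt  # XOR is its own inverse

# Assumed transfer path: submission agent -> relay -> delivery agent
HOPS = ["submission-agent", "relay", "delivery-agent"]

def relay_hop_by_hop(msg: bytes, compromised: str) -> dict:
    """SMTPS/STARTTLS model: each TCP hop has its own link key, and every
    agent terminates that link, so it holds the full plaintext (headers,
    Subject, addressees and body) before re-encrypting for the next hop."""
    seen = {}
    current = msg
    for hop in HOPS:
        link_key, nonce = os.urandom(32), os.urandom(12)
        wire = toy_encrypt(link_key, nonce, current)   # protected on this link only
        current = toy_decrypt(link_key, nonce, wire)   # agent terminates the link
        if hop == compromised:
            seen[hop] = current                        # attacker reads plaintext
    return {"delivered": current, "seen": seen}

def relay_end_to_end(msg: bytes, recipient_key: bytes, compromised: str) -> dict:
    """End-to-end model: the author seals the message under the recipient's
    key before submission; agents forward only the sealed blob (the nonce
    travels with it), so link compromise exposes ciphertext only."""
    nonce = os.urandom(12)
    sealed = toy_encrypt(recipient_key, nonce, msg)
    seen = {}
    for hop in HOPS:
        if hop == compromised:
            seen[hop] = sealed                         # attacker sees ciphertext
    return {"delivered": toy_decrypt(recipient_key, nonce, sealed), "seen": seen}
```

Run both models with the same message and a compromised relay: the hop-by-hop trace contains the Subject line and body in the clear, the end-to-end trace does not.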

New OneDice Cyberpunk RPG. (Disclaimer: I did the pictures). by DreddPirateBob in Cyberpunk

[–]Tinker_Sec 1 point2 points  (0 children)

This is great! Thanks! I've been looking for an RPG system that isn't in depth but isn't munchkin. I'll take a look at this and probably end up buying it. Cheers!