tag:blogger.com,1999:blog-176770731979379806.post5504886675219756303..comments2022-12-15T10:49:59.823+01:00Comments on Palmström: Some vague ideas on building a secure email serviceAnonymoushttp://www.blogger.com/profile/08974461728804933391noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-176770731979379806.post-70961546576251101922013-08-16T21:16:14.395+02:002013-08-16T21:16:14.395+02:00A friend just sent me a link to the bitmessage pro...A friend just sent me a link to the bitmessage protocol: bitmessage.org/bitmessage.pdf, which proposes a solution to the same problem. I do not think that bitmessage is practical.<br /><br />Bitmessage works a lot like Bitcoin, from which it is inspired:<br /><br />1. Instead of email addresses, users are identified by uniquely identifying hashes (which are also used to sign the message). In the above concept, I suggest to use a public directory that allows for a lookup between human readable addresses and public keys/hashes. (This is just a convenience and could be built into bitmessage, too.)<br /><br />2. Bitmessage does not use a central service, but a peer to peer protocol. This has the advantages and drawbacks of BitTorrent, i.e. if the recipient is not constantly connected, delivery may take very long or even be impossible.<br /><br />3. To make it infeasible to swamp the system, every sender is required to perform expensive computations to create a message, i.e. spend about four minutes of CPU time. In my view, this is not only ridiculously expensive, but also wasteful and often impractical (imagine the cost to a university professor to send grades to a few hundred students). Spamming would still easily be possible by employing bot networks (i.e. stealing CPU time from highjacked computers). The money would be better spent on the infrastructure of the service itself, by selling anonymous access tickets. Buying anonymous tickets itself is probably not anonymous (third parties will know that you bought resources to send a bunch of messages), but that should not constitute a problem.<br /><br />4. To get around the need for a notification system, bitmessage opts to send all messages to all recipients; every recipient will have to attempt to decrypt everything. This may work for the payment data of the small Bitcoin community, but will not scale for email: even with only a few hundred thousand users, every recipient would have to download and process terabytes of data every day.Anonymoushttps://www.blogger.com/profile/08974461728804933391noreply@blogger.com