Why are all the recent systems instant messaging instead / chat style instead of desktop based email

Secure messaging protocols (Signal Protocol, OTR, MTProto, etc.) as well as clients (Signal, Wire, Telegram...)
Post Reply
mta
Posts: 2
Joined: Tue Aug 15, 2017 10:17 pm

Tue Aug 15, 2017 11:15 pm

In case anyone hasn't noticed pretty much all serious business is done in offices which contain either laptop or desktop systems yet all of the recent end to end encrypted messaging systems I've come across appear to be highly targeted at simple messaging services. They're essentially encrypted versions of SMS.

Don't they want to gain a market share of the enterprise market ?

I knew a CFO a while back who used to FedEx his end of month reports to his CEO as their email system wasn't deemed secure enough so that the techs / admins couldn't read it.

The young (I'm not one of them) appear to believe that 'everything' is going to be mobile. This may have some truth in it but I'm pretty sure it only applies to casual browsing, chat with friends / leisure time pursuits.

Where are the secure end to end encrypted GUI based email systems which are easy to use and don't require manual key management ?

User avatar
nadim
Site Admin
Posts: 11
Joined: Tue Aug 15, 2017 7:57 pm
Location: Paris, France
Contact:

Tue Aug 15, 2017 11:19 pm

mta wrote:
Tue Aug 15, 2017 11:15 pm
Where are the secure end to end encrypted GUI based email systems which are easy to use and don't require manual key management ?
You might be interested in Peerio.

DefuseSec
Posts: 3
Joined: Wed Aug 16, 2017 12:09 am

Wed Aug 16, 2017 12:24 am

There's also an abandoned project called Simple Messaging and Identity Management Protocol (SMIMP) which aimed to secure and simplify email: https://github.com/smimp/smimp_spec/blo ... ication.md

I just gave peerio a try and it seems really usable. I haven't looked at the crypto details, but their website says their code gets audited twice a year, so that's a plus.

User avatar
nadim
Site Admin
Posts: 11
Joined: Tue Aug 15, 2017 7:57 pm
Location: Paris, France
Contact:

Wed Aug 16, 2017 9:32 am

DefuseSec wrote:
Wed Aug 16, 2017 12:24 am
There's also an abandoned project called Simple Messaging and Identity Management Protocol (SMIMP) which aimed to secure and simplify email: https://github.com/smimp/smimp_spec/blo ... ication.md

I just gave peerio a try and it seems really usable. I haven't looked at the crypto details, but their website says their code gets audited twice a year, so that's a plus.
I think it's interesting to discuss whether an email-like use-case really needs to forego forward secrecy, which is an argument that's still being made today by such commercial offerings.

Advances in puncturable encryption suggest otherwise, at least to me, if you think about their implications on an implementation level.

mta
Posts: 2
Joined: Tue Aug 15, 2017 10:17 pm

Wed Aug 16, 2017 10:11 am

DefuseSec wrote:
Wed Aug 16, 2017 12:24 am
There's also an abandoned project called Simple Messaging and Identity Management Protocol (SMIMP) which aimed to secure and simplify email: https://github.com/smimp/smimp_spec/blo ... ication.md

I just gave peerio a try and it seems really usable. I haven't looked at the crypto details, but their website says their code gets audited twice a year, so that's a plus.
Good link, thanks. I haven't seen this one before. A lot of what they're saying makes sense.

I'm working on something which goes a little further than what the above link describes, it includes the 'Tor Expert Bundle' so instead of using https it uses the TOR network to connect to simple small and easy to run 'onion services' which act as mail servers.

This is enabled by the app working as a 'tor controller' via the control port and makes https kind of obsolete in this scenario.

This is just something I'm tinkering around with in my spare time at the moment although I'm making good progress and it's a good learning experience.

Post Reply