* [Bitcoin-development] BitMail - p2p Email 0.1. beta
From: Randolph D. @ 2013-07-30 5:01 UTC
To: bitcoin-development, bitcoin-list

http://bitmail.sourceforge.net/

- Secure P2P Email from Friend to Friend without relying on a central server.
- Key- / Repleo-Exchange.
- Full decentral Email-Network using the Echo Protocol.
- Store Email for Offline-Friends in the P2P Network.
- Chat and Instant Messaging is built in. Define & Add your friends.
- Strong e2e Multi-Encryption (PGP-kind/AES over SSL: using libgcrypt <http://www.gnu.org/software/libgcrypt/>).
- Libspoton Integration.
- Additional Security Layer with the GB-Feature for Emails.
- Preventing Data Retention (VDS). WoT-less.
- HTTP & HTTPS Connections.
- Open Source. BSD License.

anyone with a Server? Key?

* Re: [Bitcoin-development] BitMail - p2p Email 0.1. beta
From: Gregory Maxwell @ 2013-07-30 6:50 UTC
To: bitcoin-development, bitcoin-list

On Mon, Jul 29, 2013 at 10:01 PM, Randolph D. <rdohm321@gmail.com> wrote:
> Secure P2P Email from Friend to Friend without relying on a central server.
> Key- / Repleo-Exchange.
> Full decentral Email-Network using the Echo Protocol.
> Store Email for Offline-Friends in the P2P Network.
> Chat and Instant Messaging is built in. Define & Add your friends.
> Strong e2e Multi-Encryption (PGP-kind/AES over SSL: using libgcrypt).
> Libspoton Integration.
> Additional Security Layer with the GB-Feature for Emails.
> Preventing Data Retention (VDS). WoT-less.
> HTTP & HTTPS Connections.
> Open Source. BSD License.
>
> anyone with a Server? Key?

Keep safe everyone:

A number of apparent sock accounts has been posting about what appears
to be the same software under the name "goldbug" for a couple days
now:

e.g.
https://lists.torproject.org/pipermail/tor-talk/2013-July/029107.html
https://lists.torproject.org/pipermail/tor-talk/2013-July/029125.html
http://lists.gnupg.org/pipermail/gnupg-users/2013-July/047137.html

* Re: [Bitcoin-development] BitMail - p2p Email 0.1. beta
From: Mike Hearn @ 2013-07-30 8:40 UTC
To: Gregory Maxwell
Cc: Bitcoin Dev, bitcoin-list

For people who are interested in such technologies, I recommend looking at
Pond:

https://pond.imperialviolet.org/

It is written by Adam Langley, so it comes with some serious credentials
behind it. It provides asynchronous email-like messaging that's forward
secure, resistant to traffic analysis and the whole thing runs over Tor.
Messages are stored for a week and are strictly limited in size. There's no
spam because nobody has an address - instead you have to grant someone the
ability to message you by giving them a small file. So, not really intended
as an email competitor convenience wise, but it has many interesting ideas
and a reasonable GUI.

As a testament to the seriousness with which Pond takes forward security,
it can use the NVRAM in a TPM chip to reliably destroy keys for data that
an SSD device might have otherwise made un-erasable.

The main downside - it's written in Go :)

On Tue, Jul 30, 2013 at 8:50 AM, Gregory Maxwell <gmaxwell@gmail.com> wrote:

> On Mon, Jul 29, 2013 at 10:01 PM, Randolph D. <rdohm321@gmail.com> wrote:
> > Secure P2P Email from Friend to Friend without relying on a central server.
> > Key- / Repleo-Exchange.
> > Full decentral Email-Network using the Echo Protocol.
> > Store Email for Offline-Friends in the P2P Network.
> > Chat and Instant Messaging is built in. Define & Add your friends.
> > Strong e2e Multi-Encryption (PGP-kind/AES over SSL: using libgcrypt).
> > Libspoton Integration.
> > Additional Security Layer with the GB-Feature for Emails.
> > Preventing Data Retention (VDS). WoT-less.
> > HTTP & HTTPS Connections.
> > Open Source. BSD License.
> >
> > anyone with a Server? Key?
>
> Keep safe everyone:
>
> A number of apparent sock accounts has been posting about what appears
> to be the same software under the name "goldbug" for a couple days
> now:
>
> e.g.
> https://lists.torproject.org/pipermail/tor-talk/2013-July/029107.html
> https://lists.torproject.org/pipermail/tor-talk/2013-July/029125.html
> http://lists.gnupg.org/pipermail/gnupg-users/2013-July/047137.html

* Re: [Bitcoin-development] BitMail - p2p Email 0.1. beta
From: Wendell @ 2013-07-30 11:27 UTC
To: Mike Hearn
Cc: Bitcoin Dev, bitcoin-list

Can you explain this process for those of us not too familiar with TPM chips?

-wendell

grabhive.com | twitter.com/grabhive | gpg: 6C0C9411

On Jul 30, 2013, at 10:40 AM, Mike Hearn wrote:

> As a testament to the seriousness with which Pond takes forward security,
> it can use the NVRAM in a TPM chip to reliably destroy keys for data that
> an SSD device might have otherwise made un-erasable.

* Re: [Bitcoin-development] BitMail - p2p Email 0.1. beta
From: Mike Hearn @ 2013-07-30 12:12 UTC
To: Wendell
Cc: Bitcoin Dev, bitcoin-list

The TPM is a piece of secure* hardware that provides various cryptographic
services to the host system. It is important to understand that it is not a
crypto accelerator. It is a place to store keys and small pieces of data
(like hashes, counters) where it's difficult for someone to extract them
even if they have physical access.

The TPM is designed to support trusted computing, a rather splendid set of
extensions to the x86 architecture that let you do remote attestation,
software sealing and other things. Or at least it would be splendid if it
had been really finished off and pushed to completion by the designers.
Unfortunately due to various political issues it exists in a
quasi-finished, semi-broken state which only experts can use. Without a
doubt you have never run any software in a TC environment.

As part of that role, the TPM provides some permanent storage in the form
of NVRAM. Because the TPM is designed to be as cheap as possible, it has a
limited number of write cycles. Normally you're meant to store Intel TXT
launch control policies and sealed keys there, but Pond uses it in a
different way by storing keys there that it encrypts local data with. By
erasing the key in the TPM chip's memory area, the data on disk is
effectively destroyed too.

This is useful because modern "disks" are often SSD drives, or physical
metal disks that use log structured file systems. Because flash memory has
a limited number of write cycles per cell, internally SSDs have firmware
that remaps writes from logical addresses to different physical addresses;
the goal is to avoid wearing down the drive and extend its useful life.
Normally it doesn't matter, but if you want to delete data such that it's
really really gone, it obviously poses a problem. Using TPM NVRAM solves
it, albeit at a high usability cost.

*note: actual tamper resistance of real-world TPM chips is not something
that seems to have been studied much

On Tue, Jul 30, 2013 at 1:27 PM, Wendell <w@grabhive.com> wrote:

> Can you explain this process for those of us not too familiar with TPM
> chips?
>
> -wendell
>
> grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
>
> On Jul 30, 2013, at 10:40 AM, Mike Hearn wrote:
>
> > As a testament to the seriousness with which Pond takes forward
> > security, it can use the NVRAM in a TPM chip to reliably destroy keys for
> > data that an SSD device might have otherwise made un-erasable.

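Added example, not part of the original thread and not Pond's code: a Go sketch of the point made in the message above, that a key kept on a wear-levelled SSD survives its own deletion while a key kept in a cell erased in place does not. The flash and nvram variables are hypothetical in-memory models (no real TPM call is made), and the message is constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// seal encrypts msg under a fresh AES-256-GCM key; returns key, nonce||ciphertext.
func seal(msg []byte) ([]byte, []byte) {
	key, nonce := make([]byte, 32), make([]byte, 12)
	must(rand.Read(key))
	must(rand.Read(nonce))
	return key, gcm(key).Seal(nonce, nonce, msg, nil)
}

// recoverable is the forensic reader: every 32-byte cell it can image is tried as the key.
func recoverable(cells [][]byte, sealed []byte) bool {
	for _, c := range cells {
		if len(c) != 32 {
			continue
		}
		if _, err := gcm(c).Open(nil, sealed[:12], sealed[12:], nil); err == nil {
			return true
		}
	}
	return false
}

// survives: does the message outlive deletion of its key? flash models a wear-levelled
// SSD (old pages stay readable); nvram is a hypothetical stand-in for a TPM NVRAM cell.
func survives(keyOnSSD bool) bool {
	key, sealed := seal([]byte("constructed sample message"))
	flash, nvram := [][]byte{sealed}, make([]byte, 32)
	if keyOnSSD {
		flash = append(flash, key, make([]byte, 32)) // key file, then its "overwrite"
	} else {
		copy(nvram, key)              // key lives only in the NVRAM cell
		copy(nvram, make([]byte, 32)) // erased in place: no stale copy
	}
	return recoverable(append(flash, nvram), sealed)
}

func main() { fmt.Println("key on SSD:", survives(true), "key in NVRAM:", survives(false)) }
```
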
* Re: [Bitcoin-development] [bitcoin-list] BitMail - p2p Email 0.1. beta
From: Mike Hearn @ 2013-07-30 22:17 UTC
To: grarpamp
Cc: Bitcoin Dev, bitcoin-list

TPMs have come as standard with nearly all computers (except Macs, doh) for
a long time. They certainly don't cost $100. More like a few dollars at
most. That's why they're so slow.

On Tue, Jul 30, 2013 at 10:43 PM, grarpamp <grarpamp@gmail.com> wrote:

> On Tue, Jul 30, 2013 at 8:12 AM, Mike Hearn <mike@plan99.net> wrote:
> > The TPM is a piece of secure* hardware
>
> I've seen some motherboards with a TPM module header but none
> came with it installed. I think the modules themselves might be
> $50-$100 range. They might come with some API docs.
> Some of you might have links to ones you've used...
>
> > As part of that role, the TPM provides some permanent storage in the form
> > of NVRAM. Because the TPM is designed to be as cheap as possible, it has a
> > limited number of write cycles. Normally you're meant to store Intel TXT
> > launch control policies and sealed keys there
>
> > the goal is to avoid wearing down the drive and extend its useful life.
> > Normally it doesn't matter, but if you want to delete data such that it's
> > really really gone, it obviously poses a problem. Using TPM NVRAM solves
> > it, albeit at a high usability cost.
>
> If said TPM storage has a 'limited [but unfixed] number of write cycles',
> that sounds unreliable. It would seem to me that both reliable and
> 'really gone' are achievable on platters (or lesser, with ssd) provided
> the disk was also encrypted. Nuke that key and it's reliably gone.

* Re: [Bitcoin-development] [bitcoin-list] BitMail - p2p Email 0.1. beta
From: Mike Hearn @ 2013-07-31 9:08 UTC
To: Blibbet
Cc: Bitcoin Dev, grarpamp, bitcoin-list

"Support" for a TPM is a rather tricky thing. By itself the TPM is
independent of any CPU. However, it's also not very useful (though for
Pond's use case, it works). The TPM gets much more useful when it's
integrated with features on the motherboard, BIOS, CPU, northbridge, IOMMU
etc. Then you have a full blown TCG-compliant TC environment, which is
useful for many things.

Actually it was never very useful for DRM - that was only one theoretical
possibility that was never implemented and even if it had been, TC is to
DRM much as cryptography is to DRM. So the FUD was just that: fear,
uncertainty and doubt which probably crippled a highly useful cryptographic
security tool for good. One of the more shameful periods of the tech
industry's history, if you ask me.

On Wed, Jul 31, 2013 at 5:39 AM, Blibbet <blibbet@gmail.com> wrote:

> On 7/30/13 3:58 PM, grarpamp wrote:
> > [...] And if AMD even has this stuff. [...]
>
> Yes, AMD does have TPM.
>
> Sorry, not sure which models support it.
>
> http://www.amd.com/us/products/embedded/das/Pages/security.aspx
>
> http://www.amd.com/us/products/desktop/platforms/Pages/desktop-platforms.aspx

* Re: [Bitcoin-development] [bitcoin-list] BitMail - p2p Email 0.1. beta
From: Mike Hearn @ 2013-07-31 15:54 UTC
To: Eugen Leitl
Cc: Bitcoin Dev

Sorry, I just noticed that this thread was CCd to the announce list not the
development list (why is it open access?)

It's offtopic anyway. Let's continue this discussion in private if anyone
wants to.

On Wed, Jul 31, 2013 at 5:53 PM, Mike Hearn <mike@plan99.net> wrote:

> > The reason why TPM functionality was so much hated upon is because
> > it was pushed by a software/hardware monopoly, not just for DRM but
> > for locking down the system in general.
>
> Regardless of what some people might have imagined or extrapolated at the
> time, the actual published specifications and technologies were nothing
> like that. There has never been a TC/TPM mode that would have generally
> locked systems down or even been useful for DRM (that'd have required a
> trusted hardware path which was never specced nor implemented).
>
> Locking a system down against tampering or for DRM does not require
> flexible open specifications with multiple competing implementations. It
> requires you to do an Xbox 360.

* Re: [Bitcoin-development] BitMail - p2p Email 0.1. beta
From: Randolph D. @ 2013-07-31 16:11 UTC
To: Mike Hearn
Cc: Bitcoin Dev, bitcoin-list

right the original Topic was BitMail

here a Server running for the next few days to test

BitMail.sf.net

178.83.35.133:4710