One alternative to SMTP for email: Confidant Mail

Ben McGinnes ben at adversary.org
Sun Apr 5 08:25:40 CEST 2015


On 30/03/2015 8:28 am, Mike Ingle wrote:
>
>> Why should the user need to delete one, rather than just be told
>> there were two and the one with such-and-such a fingerprint (or the
>> one highlighted) signed this message? If it is just a string in a
>> key UID rather than a functional email address, it will not
>> necessarily be unique.
> 
> There should not be two or more keys advertised for one email
> address. That creates confusion, requires the recipient to have two
> CM accounts, and increases the risk of bogus keys being used. Since
> CM keys disappear from the key search results about a month after
> the key owner stops advertising them, people should delete old or
> bogus keys from their keyrings.

Now you're making an assumption that all email addresses are created
for individuals.  Yet you also see a possible future of businesses using
it.  So if it is ever used by a team of people who all send email from
something like support at acme.com, you will encounter that scenario very
quickly.  Hence it would be better to simply have warnings of a
potential conflict rather than forcing the recipient to only choose
one sender.

> Once the owner stops advertising the key (by using it in a CM
> account), after a month or so the STORUTIL will remove it from the
> servers. That depends on how often server operators run STORUTIL to
> prune their server directories.

Meaning that if you run your own server you don't have to maintain the
account too much if it sees very little traffic (initially).  Good.

>> > Anyone can run a provider and I expect them to range from strictly
>> > business to the dodgy darknet variety.
> 
>> Using "darknet" services to enhance privacy does not equate to
>> "dodgy". A person's communications are none of anybody else's
>> business, apart from whoever they choose to communicate with.
> 
> No offense to the darknet intended. I'm in favor of more widespread
> Tor and I2P usage, that's why I built in support for it. Using CM
> over hidden services is a good way to avoid social graph building.

Not to mention a good way to circumvent mandatory communications
surveillance and transnational corporations who believe they should be
able to view all your communications to make sure you're not quoting a
film without paying a tithe.

> An example of a "dodgy darknet provider" would be if one of the
> darknet markets decided to run a couple of covert CM servers (having
> only Tor hidden service addresses) to facilitate vendor to customer
> communication. That would solve the problem of some users not
> encrypting their messages, and would allow people to communicate
> even if the hidden website server is down.

Heh.  Yes, it would be a good solution from them, but from what I've
seen they're just as lazy as the Stratfor employees (which is why
Stratfor got cracked and the others got arrested).

> Suppose a reporter on a "strictly business" CM provider wanted to
> interview vendors of that darknet market. She could do so using CM
> without needing a technical expert to handle the encryption, and
> without either party being exposed to any risks. In the past that
> has been difficult.
> 
> It is also possible to run mailing lists and file servers over CM. I
> am currently running a CM users' mailing list.

Cool.  There are definitely still aspects of it which need work,
mainly on the user interface end from what I can see so far, but it
answers so many problems (including Moxie Marlinspike's recent
complaint about OpenPGP and forward secrecy) that it could make a real
difference for a lot of people.

I still think, though, that the better solution for the UI issues is
to provide the specifications and an API so people can either adapt
their existing favourite clients to support CM or write whole new
ones.  It's the sort of system which nmh would handle very well, for
example.  No doubt there would be assorted other types of solutions
being adapted to it (I'd expect some people to treat it more like an
IM program than an email program too, depending entirely on how they
made the UI appear and behave).  By all means, use your own client as
an example, but if you want wider adoption then take advantage of
others wanting to do their own things with it.


Regards,
Ben


