[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How to have your encrypted mail in two places at once

IMAP and webmail makes it easy to access your mail on two or more 
machines, and have all your folders stay in sync. Encryption tends to 
break that: your inbox might work across machines, but your Sent Items 
and personal folders tend to be stuck on one machine.

Confidant Mail 0.24 has a solution for that problem. You can have the 
same GPG key on two or more machines. Using a secure replication 
protocol, your sent items, read status of incoming mail, personal 
folders, and deletions are all automatically copied to the other 
machines. This provides an IMAP-like experience with encrypted mail.

I am looking for advice on how to implement a mobile client:

Option A is to re-create the current client functionality for the mobile 
platforms. That is a lot of work, and I am not experienced in mobile 
programming. There is a port of gpg to Android, but I don't know how 
good it is. I know zero about Apple.

This has disadvantages: for example, if I receive a 1GB message at home, 
there is no way for the phone to get only part of that message. It needs 
the whole message to check the signature.

The worst problem, however, is that you are carrying your private key 
around with you. Phones are not secure and cannot be made secure. The 
carrier has root on the phone, whether you do or not. Phones are easy to 
physically take, and do not have trustworthy encryption. I do not want 
my GPG key on my phone.

Option B is three-tier client server. Your PC at home has the private 
key, and talks to the Confidant Mail server. It also exposes a port 
which the phone accesses over a secure connection. The phone can request 
parts of messages, and the PC does the GPG encryption and decryption.

This has the advantage that the phone client is smaller, the big message 
problem is solved, and the exposed key problem is solved. The middleware 
on the PC could have constraints such as not allowing the whole mailbox 
to be downloaded, and logging itself out after some number of failed 
remote access attempts.

The downside is you need a PC running, you need to be smart enough to 
expose a port, and the PC is sitting there unattended, with the private 
key in memory, waiting for someone to come and grab it.

Option C is a mobile web client. Similar to B, but instead of a 
client-server protocol, it uses HTTPS and generates mobile friendly HTML.

Advantages relative to B are that one client supports all the mobile 
platforms, and there is no mobile code to write. Disadvantage is that 
the mobile browser is pretty easy to hack, and there is likely plaintext 
cached in the phone at any given time.

Anyone who needs strong security probably should not use a mobile 
device. However, many people will want access to Confidant Mail on their 
phones. Do you have an opinion on the right way to provide it?


Mike Ingle <[email protected]> d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2