path: root/pages/features/email/pt.text
blob: 7e82044193c48015ac64eb865b4dbc5680620ada (plain)
@title = "Bitmask Email Details"
@nav_title = "Email"

h2. How to use

# Download and install Bitmask.
# Run Bitmask to log in or create an account with a service provider.
# Configure your email client to connect to the local IMAP and SMTP services provided by Bitmask. For the Thunderbird email client, this configuration is semi-automatic.

Bitmask acts as a local "proxy" between the service provider and the email client. It handles all of the encryption and data synchronization.

h2. Benefits of Bitmask Email

Its email features include:

* Bitmask encrypted email is easy to use while remaining compatible with existing protocols for secure email (currently OpenPGP, with additional support for S/MIME coming soon).
* Unless already encrypted, all new emails are automatically encrypted for the recipient on the server before being stored, so that only you can read them (including metadata). The server is able to read unencrypted emails for a brief moment, but an email is never stored in a way that the server can read it.
* Whenever possible, outgoing emails are automatically encrypted so that only the recipient can read them (if a public key is found for that recipient). This encryption happens on the user's device.
* Public keys are [[automatically discovered and validated => https://leap.se/nicknym]], giving you confidence that your communications are confidential and sent to the right person (without the headache of key signing).
* The user does not need to worry about key management. Their keys are always up to date on every device.
* The user can use any email client (e.g. Thunderbird, Apple Mail, Outlook).
* When disconnected from the internet, the user can still interact with their local copy of all their email. When a connection is available again, all changes are synchronized with what is stored on the server and on their other devices.

General Bitmask security features:

* All stored data is encrypted, including local data and cloud backups. This encryption always [[happens on the user's device => https://leap.se/soledad]], so that the service provider cannot read your stored data.
* Although you specify a username and password to log in, your [[password never goes to the provider => https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol]].
* If you download Bitmask from https://dl.bitmask.net, your service provider cannot insert a backdoor that compromises your security.
* Bitmask is always up to date with the latest security patches (coming soon).

h2. How it works

NOTE: technical jargon ahead.

h3. Receiving email

*Receiving and storing messages*

# An incoming email is received by the provider's MX (mail exchange) server.
# The MX server re-encrypts the incoming email using the public key of the recipient user. This happens even if the email is already encrypted so that the metadata is not stored in a way that anyone but the recipient may access it.
# The user logs in to their Bitmask client:
## The client unlocks the locally encrypted storage database.
## The client asks the server if there is any new data and begins a synchronization process.
# The client downloads the new incoming message.
# The message is decrypted using the user's private key, and then stored in the locally encrypted storage database.
# The local storage database is synchronized with the provider's cloud storage service. To be stored on the server, a unique key is generated for each document in the local storage database before it is sent to the server (see [[Soledad => https://leap.se/en/soledad]] for more details).
# If the user has the Bitmask client running on other devices, then these clients will notice the change to the storage database and re-synchronize.

*Message validation*

# If the received message was signed, the client will attempt to validate the signature.
# If the sender's public key is not already known to the client's key manager, the client will attempt to acquire it:
## If the email was sent from a LEAP-powered provider, the key will be anonymously requested from the sender's provider.
## If the public key is attached to the email, it will be imported.
## If the email contains an OpenPGP header, the client will download the public key from the specified source.
## If all else fails, the client will search OpenPGP keyservers for a key that matches the fingerprint on the signature.
# Once acquired, the sender's public key is stored in the locally encrypted and synchronized storage database.
# Public keys are updated using the rules for [[transitional key validation => https://leap.se/en/transitional-key-validation]].
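
The lookup order in the list above, as an added example (not Bitmask's own code). It parses a constructed sample message and returns the first acquisition step that applies; @plan_key_lookup@, @known_keys@, @leap_domains@ and the HTTPS-only rule for header URLs are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message carrying an OpenPGP header and no key attachment.
SAMPLE = """\
From: Alice <alice@example.org>
To: bob@example.net
Subject: hello
OpenPGP: id=0123456789ABCDEF0123456789ABCDEF01234567; url=https://example.org/alice.asc
Content-Type: text/plain

hi
"""

def parse_openpgp_header(value):
    """Split 'id=...; url=...' into a dict keyed by lower-cased attribute name."""
    attrs = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            attrs[name.strip().lower()] = val.strip().strip('"')
    return attrs

def plan_key_lookup(raw, known_keys, leap_domains, signer_fpr=None):
    """Return (source, detail) for the first key acquisition step that applies."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in known_keys:                 # key manager already has this key
        return ("local", sender)
    domain = sender.rpartition("@")[2]
    if domain in leap_domains:               # ask the sender's LEAP provider
        return ("provider", domain)
    for part in msg.walk():                  # key attached to the email
        if part.get_content_type() == "application/pgp-keys":
            return ("attachment", part.get_filename() or "")
    url = parse_openpgp_header(msg.get("OpenPGP", "")).get("url", "")
    if url.lower().startswith("https://"):   # assumption: refuse plaintext fetches
        return ("openpgp-header", url)
    if signer_fpr:                           # last resort: keyserver by fingerprint
        return ("keyserver", signer_fpr)
    return ("none", "")
```

A key obtained through the attachment or header path comes from the message itself, so it still has to pass the transitional key validation rules before it replaces a stored key.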

*Reading the message*

The user can read the email in one of two ways:

# By connecting a mail user agent, such as Thunderbird, to the local IMAP server created by Bitmask.
# By launching the built-in mail app (in progress, not part of current stable releases).

h3. Sending mail

*Composing the message*

The user can compose an email in one of two ways:

# By connecting a mail user agent, such as Thunderbird, to the local SMTP server created by Bitmask.
# By launching the built-in mail app (in progress, not part of current stable releases).

*Encrypting the message*

# The client's key manager acquires the public key for each recipient, if not already stored.
## The key manager tries whatever means it can. Currently, this includes anonymously contacting the recipient's provider and searching OpenPGP keyservers, and will include DANE/DNSSec and CONIKS in the future.
## Discovered keys are stored in the locally encrypted storage database, and synchronized among the user's devices.
# The message is duplicated into separate copies, once for each recipient, and each copy is encrypted for one recipient and relayed for delivery.

*Relaying the message*

Currently:

# The Bitmask client connects to the MX server of the sender's provider. This connection is authenticated using an X.509 client certificate stored by the client, a separate one for each sender email address.
# If the client certificate matches the "From" field of the email, then the email is DKIM signed and relayed to the destination MX server.

In the future (currently being developed):

# The Bitmask client checks to see if the recipient supports delivery via Panoramix (anonymous mix network).
** If supported, the client checks to see if the sender has permission to deliver anonymously to the recipient (via special delivery keys).
** If delivery permission is granted, the email message will be directly delivered to the recipient's provider using Panoramix. In this case, the sender's provider will never see the email.
# If Panoramix is not available, the Bitmask client connects to the MX server of the sender's provider. This connection is authenticated using an X.509 client certificate stored by the client, a separate one for each sender email address.
# If the client certificate matches the "From" field of the email, then the email is DKIM signed and relayed to the destination MX server.

h2. Limitations

* Missing features: the initial release will not support email aliases, email forwarding, or multiple accounts simultaneously.
* You cannot use Bitmask email from a web browser. It requires the Bitmask application to run.
* The Bitmask application currently requires a compatible provider. We have plans in the future to semi-support commercial providers like Gmail. This would provide the user with much less protection than when they use a Bitmask provider, but will still greatly enhance their email security.
* Because all data is synced, if a user has one of their devices compromised, then the attacker has access to all their data. This is obvious, but worth mentioning.
* The user must keep a complete copy of their entire email storage on every device they use. In the future, we plan to support partial syncing for mobile devices.
* We do not plan to support key revocation. Instead, we plan to migrate to shorter and shorter lived keys, as practical.
* With the current implementation, a compromised or nefarious service provider can still gather incoming messages that are not encrypted and meta-data routing information. For the future, we are working on a project called Panoramix that will allow for message routing that is anonymous and exposes zero meta-data information to the service provider (so long as both sender and recipient support Panoramix).
* OpenPGP and S/MIME message encryption has no forward secrecy, although we do use PFS ciphers for StartTLS relay. In the future, we hope to add additional forms of message encryption, such as Axolotl.
* With our current scheme of automatic key validation, there is a chance that a provider could endorse a bogus public key for a short period of time such that the holder of the correct key does not notice the subterfuge. In the future, we hope to add compatibility with CONIKS, which supports a cryptographic append-only log of all key endorsements and allows for strong auditing of these past endorsements.

For more details, please see [[known limitations => https://leap.se/en/limitations]].

h2. Related projects

There are numerous other projects working on the next generation of secure email. In our view, it is not possible to do secure email alone; it requires new protocols for handling key validation, secure transport, and meta-data protection. We will continue our efforts to reach out to these groups to explore areas of cooperation.

For a detailed report on all the related projects, see https://leap.se/secure-email