Silent Circle, Lavabit unite for 'Dark Mail' encrypted email project

Dark Mail will provide end-to-end encryption, including email metadata

IDG News Service | Unified Communications

The private key used to encrypt email will be held on users' systems and not retained by a service provider. Even if the government forced an SSL key to be turned over, users would not be compromised "because all of the messages are encrypted to keys that are sitting in the hands of the recipient," Callas said.

In that case, the party interested in the communication would have to request the encryption key from a person or find another way to decrypt the message.

Snowden's documents showed the NSA was also collecting email metadata, which reveals a sender's and recipient's email addresses, subject line of the email, IP addresses and more. Dark Mail will encrypt the metadata, using the XMPP protocol to signal when a new message has arrived, Callas said.

The alliance is also considering longstanding problems around encryption keys, such as public and private key pairs that are in use for years. "The longer that a key stays around, the bigger of a vulnerability it is," Callas said.

One idea is to create a protocol that would keep a static public key for only a few hours or a day and then refresh it. Older messages would need to be re-encrypted with a new key to maintain access, but it would provide much better long-term protection for sensitive messages, Callas said.

Also under consideration is "forward secrecy," an encryption feature that limits the amount of data that can be decrypted if a private key is compromised in the future.

Wide use of encrypted email has implications for companies such as Google, which displays advertisements based on email content. In industries such as financial services, companies are required to retain email to comply with regulations.

There's also a convenience factor, as email encryption isn't necessarily easy to implement, especially as people use multiple tablets and mobile phones and desktop computers. Callas said Dark Mail will be flexible, allowing users to send unencrypted email if they don't need an extra level of security.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk
