|
|
|
|
|
Tiger Envelopes: Design |
Tiger Privacy
|
Tiger Privacy |
- Email proxies that encrypt and decrypt automatically
- Layered encryption
- If any layer works, your communications are private
- Multiple layers for bad guys to crack
- Full source code included
- Tiger Envelopes, intended for personal use, is under the GPL
- Tiger Business Envelopes is commercial. Source code is included for security audits and so customers can build it from source, but it's not GPL.
- End-to-end encryption
- The goal is for the package to be as close to invisible as possible while you're doing mail
- UI is very easy, attractive, and fast. The biggest impediment for PGP has always been ease of use.
- Later versions
- Tamper resistant audit trail
- Header encryption
- e.g. "Subject: (encrypted in body)"
- Mail filtering
- Executables
- Attachments
- Embedded in html
- Many varieties
- Javascript
- Java
- DirectX
- Plugins
- "object", "class", etc.
- Pass only accepted html tags
- DOC files
- Optionally block all binaries
- Peer-to-peer direct messaging
- Direct SMTP
- Jabber + OCE = Encrypted IM
- Peer-to-peer remailer
- Include spam filtering in the same release
- Peer-to-peer distributed key-servers, a la Gnutella's supernodes
- Multiple personas
- Each has own
- Mailing address
- External SMTP/POP3/IMAP servers
- Keyrings?
- Auto-creation of mailboxes?
- Great for throw-aways
- Some services don't want auto-creation and have good countermeasures, such as Yahoo
- Web based mail systems don't all support POP3, and almost none support SMTP
- Traffic shaping
- Padding
- Packetization
- Rerouting handled by remailer
- Pipe stuffing
- User selects network costs
- "Charged for connection time or throughput"
- "Flat fee"
- User selects throughput
- "Dialup, ADSL, or ISDN"
- "Fast LAN connection, DSL, cablemodem, etc."
- "More than I can use"
- If not flat fee, ask user before doing pipe stuffing
- We only use a selectable percentage of the available throughput
- Pipe stuffing is too expensive for surfing, but not for ordinary volumes of mail
- Mail works fine with low throughput and high latency
- Cooperative spam filtering based on spammer's contact info
- Shared patterns to filter a la Vipul's Razor
- Checking contact info will actually work
- Spammers have to tell you how to buy from them
- The more they disguise that info, the lower their sales
- Necessary to counter abuse of remailer
- Web proxy, possibly as another product
- Only specified sites allowed to send javascript, java, etc.
- Filtering of ads
- Nyms
- Firewall enhancements
- The most effective firewalls chain different solutions from different vendors
- Combat HTTP tunneling by blocking all connections a browser hasn't authorized. This still leaves vulnerabilities in the browser, firewall itself, etc.
- Pluggable encryption API
- Plugins available
- Full source code included under the GPL
- Pure java
- Faster development
- More reliable
- Plugins can be in any language
- No key escrow, under whatever alias
- Keys for roles, as opposed to individuals, work better
- Policies are basically the same as for physical keys
- Spare copies can be made or not, as appropriate
- Keys are turned over to successors
- Key escrow creates a single point of failure and makes surveillance easy
- Later versions
- All use of private keys only on separate offline machine
- Other forms of encryption
- Symmetric
- Streaming
- Steganography
- Chaining encryption allows
- Public key or symmetric encryption hidden by outer stego layers
- Removing "fingerprints" of encryption methods is essential, particularly for stego
- Multiple parallel channels, some of which may be decoys or disinformation
For many years the Tiger developers spent about a third of every project on structured analysis and design. In a world with RAD IDEs, these documents are all the design Tiger Envelopes is likely to have. It's easier to just build it, and change it as needed.
|
Privacy policy
Copyright © 2005-2007 Tiger Privacy |
|