The Darkmail Alliance
Posted by: Zubair Muadh
February 25, 2015
After being forced to shut down his service in order to not hand over user data, Lavabit founder Ladar Levison teamed up with Mike Janke and Jon Callas, the CEO and CTO of Silent Circle. They also shut down their email service out of fear of being forced to hand over user data to authorities. They together have formed ‘The Darkmail Technical Alliance’ along with Phil Zimmerman, the man who brought PGP encryption to the masses.
The mission aim is to create a Darkmail Protocol. A new email protocol that’s end-to-end encrypted and all that an outside observer can see is the size of the email.
The Darkmail Whitepaper can be found here (WhitePaper) the project is known collectively as Dark Internet Mail Environment (DIME). The Source code for DIME-Integrated Lavabit: Lavabit SourceCode
The way DIME works is that it applies multiple layers of encryption to an e-mail to make sure each actor in each stage of the email’s journey to sender to receiver can only see the information about the email as they need to see.
Anyone monitoring the email would be able to see the size of the message but that’s about it– Iain Thomson</p>
When an author sends an email they can see where it’s bound, the email server can’t the email server only can only decrypt the part of the message that contains the recipients email server. The Recipient e-mail server knows the destination server and the recipient but doesn’t know the sender so each actor can see only one hop before it and after it.
This relies on a federated key management system to handle the encryption layers as every actor in the DIME chain has to have its own Key pairs (a set of public and private keys) to encrypt and decrypt the required email portions it needs. Ladar Levison sees this to work in a DNS-like system with each organization that uses DIME being the authoritative source of the encryption keys for its servers and email addresses. Though specifically Levison settled for DNSSEC as the preferred method for holding a domain’s email trust anchor. This though runs into the problem of poor adoption which means that a Certificate authority signed TLS certificate would be required to validate the keys.
There’s an optional mode available wherein email servers transparently do the client’s email encryption for them in what’s called “trustful mode” and can either be a bridge for users to use until they have a client program that fully supports DIME. This gives email-hosting companies the potential to deploy DIME for hosted accounts without having to have mail client issues.
Levison plans on releasing Lavabit’s source code under an open source license after incorporating in the dark mail protocol into the Lavabit source code.
Issue with Darkmail would be backwards compatibility since it’s a completely new email protocol it will be incompatible with current email system. This will have to be bridged by darkmail gateways. Some darkmail providers would offer an email gateway to facilitate for a darkmail email to be sent out into the normal e-mail system using SMTP etc.
Darkmail offers flexible user-security with a basic level of encryption and security built into the protocol. Administrators setting up DIME can specify additional ciphers and encryption methods to deploy in order to secure the email and the DIME protocol would wrap it all in the baseline encryption that’s known to be secure.
Updated: 2015-02-25