💾 Archived View for bbs.geminispace.org › u › jeang3nie › 877 captured on 2023-12-28 at 18:14:10. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-14)
-=-=-=-=-=-=-
Re: "Thoughts on the draft spec"
@lem embedded is a good point. It would be cool to see a misfin server running on a pico or esp32!
May 24 · 7 months ago
🚀 mbays · 2023-05-24 at 15:42:
@lem But if the assumed mimetype is text/gemini, encrypted messages could only be implemented through a horrible hack, right?
If it's intended that users run their own servers, then there's no problem of course. But then having multiple mailboxes on a given server seems like unnecessary complexity?
Even the most minimal system with end-to-end encryption would be quite a bit more complicated than misfin, it's true. Still, I'm uneasy about accepting transport-only encryption as good enough for a new email-like protocol.
🐐 satch · 2023-05-24 at 17:49:
@mbays Depends on what you find to be a horrible hack - a PGP encrypted message could be sent as text/gemini very simply using a preformatted text block. To me, that's not bad.
🦀 jeang3nie · 2023-05-24 at 17:51:
@satch I almost mentioned that one could just use pgp the same way it's done in regular email. Then I remembered how much pgp sucks.
🐐 satch · 2023-05-24 at 18:06:
IMHO end-to-end encryption hasn't been implemented in a genuinely easy way anywhere. It always comes at a price. Clients can try to hide it from users, but it still has costs.
So I guess my question is, what implementation of end-to-end encryption sucks less than PGP? What would that look like for Misfin?
Sending unencrypted messages to a server is usually OK for most people, especially for the purposes of the small web (the target userbase of Misfin). A Misfin client which makes PGP-style encryption easy is totally doable. Once you start introducing multiple devices, e2e will get annoying no matter what protocol is being used.
🦀 jeang3nie · 2023-05-24 at 19:40:
Any way you encrypt it, the receiver must have the key to decrypt it. So the question becomes, how do you get the key to the receiver without sending it the the server first? It's the proverbial chicken and egg proglem. Pgp may suck, but it at least is a solution. Unless someone has a really actually nice solution I can't see making it a required part of the spec.
🚀 clseibold · Sep 25 at 05:41:
There are some important things in this conversation. The first is whether it's intended that each user has their own server. If this is so, then that puts a high burden on people who are on ISPs where their IP Address may change, and it requires that you have a dedicated device in a fixed location on a fixed network. Not everybody has this, unless there's some way to put a misfin server on like your modem or something, because most people's computers nowadays are portable, and so they are never guaranteed to be on a fixed network (the devices connect to different networks as the person moves around the world).
So, having the option for multi-user servers is a really good thing, imho.
Next, having different mailboxes could be useful even for single individuals (send different types of mail to the different mailboxes of an individual, for example), and this could actually become a way of categorizing mail, which I find to be a really cool idea.
Now, the encryption thing is interesting. You need some way to get a key to encrypt your message with that public key, to send it to the person so that it can be decrypted by that person.
Getting the public key is easy - you ask the server for the public key. You encrypt the message, and you send it to that server. Then the receivers *client* on their own computer decrypts with the private key. This is practically how email worked in ZeroNet, lol, except ZeroNet was also decentralized by using a bittorent-like protocol. But this separates out email clients from email servers.
Now, I haven't read all about the protocol, so I don't know how attached email *clients*/readers are to the email servers, but there could be a client on one's own computer that has the private key, and the email server just has the public key that can be given to those who ask the server for it. This allows for a multi-user setup where there's a central email server and each person has a client that fetches the emails from that server. Yes, this is literally just a recreation of Pop3, lmao.
The other problem with encryption is how sending an email to multiple users works.
🦀 jeang3nie · Sep 25 at 14:22:
The spec doesn't go into how mail is stored and fetched, only the transmission. Servers and clients are pretty much free to invent.
If I eventually finish my implementation, the general idea is for a multi user system where the users all have shell accounts, as they would on a Pubnix. You log in and can view your mail with a simple pager or text editor. That provides a really sturdy fallback. On top of that, a webmail like system could eventually be built that serves your mailbox over Gemini using the same pubkey you use to send mail for access.
Thoughts on the draft spec — Misfin is a nice idea, but I'm worried that it doesn't make sense to replace email with something lacking end-to-end encryption. A server on a multi-user system gets the plaintext of messages to its users. It's fine if you run the server on your own home server, but I guess that wouldn't be the typical configuration. I wonder if it would be feasible to work in a PGP-like mechanism using the same client key as in the client certificate... Some other little thoughts...