Wouldn't Lavabit be better if all decryption was done on client side, either with javascript or a client side add-on/extension? This way the only thing that is ever on the server is the public key? The only thing left would be if it had been in a man-in-the-middle attack... which is always an issue on the internet unless every part is encrypted which is hard to do... though internally it could potentially be safe as it would not ever be sending out of itself and emails being sent would also be encrypted client side using javascript/add-on/extension...
(also have the keys generated on client side)
yes this would inevitably be a large client side program but for security it would be worth it.
This is a tempting approach, but man-in-the-middle attacks, or the equivalent compromised or legally-strongarmed servers are the whole problem here. Any client-side logic that is served by a server can only be trusted as far as that server (and your communication channel to it), which means that in this case it's almost useless.
There doesn't seem to be any serious alternatives to thick, open-source, locally installed clients. As a web affectionado and JavaScript nerd, this pains me too, but we'll have to get used to it.
Then I think it's time to look at a mail system that doesn't need servers something built on top of the bit torrent grid or similar system that the government can watch all they want but won't get any information back from it and have it completely open source... this will take out man-in-the-middle and a central server compromised issue and there will be no one to legally strong-arm.
It's been attempted, but the issue of storage remains the most bothering. A mailbox can be pretty big and having it distributed over the network is difficult. Not to mention spamming problems.
Maybe some day we'll find the right formula. But I think the who-owns-the-private-key problem is a bigger priority.
"It's been attempted, but the issue of storage remains the most bothering. A mailbox can be pretty big and having it distributed over the network is difficult. Not to mention spamming problems."
Not for nothing, but Usenet is a distributed email system. Yes, most people use it as a forum or a file transfer system, but once upon a time it was a way to send email. One downside was that people had to locally find a path for routing their mail through the network, though I suspect that with modern techniques that would be irrelevant. Storage is not an issue if people can download their mail. Privacy is achieved with public key encryption, authentication with digital signing.
The real issue is not spam (which is already manageable with modern spam filters), but the fact that you need to download your mail and store it yourself. That does not really mesh with how people are using email these days. This is, in my view, the big stumbling block to strong encryption -- people are frustrated by systems that prevent them from reading their mail on their friends' computers (or kiosks, etc.).
well this could be fixed by using something like bittorrent sync to allow you to keep your "inbox" wherever you want all you need is the code... and storage space... and well at least 1 of your own computers that already has the inbox to be online at the same time. this also uses a separate dht table to sync and as long as your inbox is only in the megabyte it wouldn't be that hard to read your email from your friends computer or any other computer... but i do agree I would want to limit the ability to spam the network as this would load down a lot of the peers with excess mail that they actually wouldn't need... maybe somehow limit how many messages each node can send out... as this system would be like torrents but you would need a private key to open... you could send mail to multiple people they download the one message and decrypt it you wouldn't really need multiple message sent so if a node is sending many the rest of the network could identify that and ignore that node...
