There is no simple-to-use, secure mail client. You can get GPG and PGP plugins, but the mail client itself will never help you communicate in a secure manner. Hence, my long-term project is to make such a beast. Building on experience from making the Opera M2 mail client, and the Opera way of always thinking security, I've named the project "wxMailto:" (a combination of the mailto: URI, the fact that it is a wxWidgets application, and a name that linguistically compares well to M2).

The design principles are actually quite few:
* The application must behave as securely as possible, and always show when something is done in a "not as secure as possible" way.
* The application must be easy to use, even for non-tech users.
* The application must be open source, so others can verify that it is secure (both in design and in implementation).
* The data must be safely stored (as in, transaction-based) in a database, but the stored data must be considered unsafe (as if cleartext). As the data is considered unsafe, the database itself need not require any passwords or an encrypted file system; security is handled one level up (automatically, by the application).

And the design itself:
* The first time you run the application, the first thing that happens is that you are asked to import or generate a GPG key, and to provide a connection string to a database. These are advanced topics, and great care will have to be taken so that even non-tech users can complete this dialog.
* All content must be clearly marked as secure, secured (not insecure, but not as secure as it could be), or insecure.
* There will be no traditional folders. We built Opera M2 around "virtual folders" (using a fixed set of tags); Google Gmail extended this a bit with "labels" (like Opera M2 tags, but easily user-extendable) and "colors", but still keeps sent mail, trash etc. as fixed folders. wxMailto: will use tags exclusively, with a set of fixed rules for adding the "inbox", "sent", "trash" etc. tags, but also user-added rules for setting or removing tags.
* The first time (or whenever asked to) you send a mail to someone the system does not have a GPG key for, such a key will be requested. When a key has been requested from you, it will be provided automatically in your next reply. All security in wxMailto: is based on GPG keys, and great care will be taken to send out keys, collect keys and use keys without users having to know anything about GPG keys or PKI theory.
* GPG keys will also be used for secure chat and videoconferencing. It will have to be point-to-point, as systems that rely on a server (Gmail chat or Skype videoconferencing) cannot be guaranteed to be secure.
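The tag-only store described above (fixed rules for "inbox", "sent" and "trash", plus user rules that set or remove tags) can be sketched in a few dozen lines. The following is an added example written for this post, not code from wxMailto: or any of its libraries; it is a constructed in-memory model in C++ (the project's language), with a `Message` struct, a `TagRule` type and a `TagStore` that are all assumptions for illustration. The point it shows is that a "virtual folder" is nothing more than a query over tags, and that deleting a message is a retag (remove "inbox"/"sent", add "trash") rather than a move, so user-added tags survive.

```cpp
#include <functional>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Constructed model of a tag-only mail store (not the wxMailto: data model).
struct Message {
    int id;
    std::string from;
    std::string subject;
    bool outgoing;   // true if we sent it
    bool deleted;    // user asked for it to be deleted
    std::set<std::string> tags;
};

// A rule either adds or removes one tag when its predicate matches.
struct TagRule {
    std::function<bool(const Message&)> matches;
    std::string tag;
    bool add;        // true: add the tag, false: remove it
};

class TagStore {
public:
    TagStore() {
        // Fixed rules: the application, not the user, decides inbox/sent/trash.
        fixed_.push_back({[](const Message& m) { return m.outgoing && !m.deleted; }, "sent", true});
        fixed_.push_back({[](const Message& m) { return !m.outgoing && !m.deleted; }, "inbox", true});
        fixed_.push_back({[](const Message& m) { return m.deleted; }, "trash", true});
        fixed_.push_back({[](const Message& m) { return m.deleted; }, "inbox", false});
        fixed_.push_back({[](const Message& m) { return m.deleted; }, "sent", false});
    }

    // User rules run after the fixed ones and may set or remove any tag.
    void addUserRule(TagRule r) { user_.push_back(std::move(r)); }

    void store(Message m) {
        retag(m);
        messages_[m.id] = std::move(m);
    }

    // "Delete" is just a retag: nothing is moved anywhere.
    void markDeleted(int id) {
        auto it = messages_.find(id);
        if (it == messages_.end()) return;
        it->second.deleted = true;
        retag(it->second);
    }

    // A virtual folder is a query over tags; ids come back in ascending order.
    std::vector<int> withTag(const std::string& tag) const {
        std::vector<int> out;
        for (const auto& kv : messages_)
            if (kv.second.tags.count(tag)) out.push_back(kv.first);
        return out;
    }

    const std::set<std::string>& tagsOf(int id) const { return messages_.at(id).tags; }

private:
    static void apply(const std::vector<TagRule>& rules, Message& m) {
        for (const auto& r : rules) {
            if (!r.matches(m)) continue;
            if (r.add) m.tags.insert(r.tag); else m.tags.erase(r.tag);
        }
    }
    void retag(Message& m) { apply(fixed_, m); apply(user_, m); }

    std::vector<TagRule> fixed_, user_;
    std::map<int, Message> messages_;
};
```

Because rules are re-run on every state change, a message that was tagged "wxwidgets" by a user rule keeps that tag when it moves from "inbox" to "trash"; the fixed rules only ever touch their own three tags.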
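The automatic key exchange and the secure/secured/insecure marking from the two points above fit naturally into one small state machine. Below is an added example written for this post, not wxMailto: code and not a use of GPGME: a constructed C++ model in which a "key" is an opaque string, `KeyExchangeAgent`, `Mail` and `classify` are hypothetical names, and the policy is an assumption of mine: a first mail to an unknown correspondent goes out signed but unencrypted with a key request attached, a key is attached only to the next reply to whoever asked for it, and a mail is marked secure only when it is both encrypted and signed, secured when it merely travelled over TLS, and insecure otherwise. The example goes beyond the text in walking both directions of the exchange, so that it is visible how many round trips it takes before both sides can encrypt.

```cpp
#include <map>
#include <optional>
#include <set>
#include <string>
#include <utility>

// Constructed model; not GPGME and not the wxMailto: implementation.
enum class Security { Secure, Secured, Insecure };

struct Mail {
    std::string from, to, body;
    bool encrypted = false;                  // body protected end-to-end with the recipient's key
    bool isSigned = false;                   // signed with the sender's key
    bool requestsKey = false;                // "please send me your public key"
    std::optional<std::string> attachedKey;  // sender's public key, if included
    bool overTls = false;                    // transport protection only (set by the transport layer)
};

class KeyExchangeAgent {
public:
    KeyExchangeAgent(std::string me, std::string myKey)
        : me_(std::move(me)), myKey_(std::move(myKey)) {}

    // Outgoing: encrypt if we hold the recipient's key, otherwise request it.
    // If the recipient asked for our key earlier, attach it now (assumed policy).
    Mail compose(const std::string& to, const std::string& body) {
        Mail m;
        m.from = me_;
        m.to = to;
        m.body = body;
        m.isSigned = true;
        if (keyring_.count(to)) m.encrypted = true;
        else m.requestsKey = true;
        if (pendingKeyFor_.erase(to)) m.attachedKey = myKey_;
        return m;
    }

    // Incoming: learn keys and remember requests, without involving the user.
    void receive(const Mail& m) {
        if (m.attachedKey) keyring_[m.from] = *m.attachedKey;
        if (m.requestsKey) pendingKeyFor_.insert(m.from);
    }

    bool hasKeyFor(const std::string& addr) const { return keyring_.count(addr) > 0; }

private:
    std::string me_, myKey_;
    std::map<std::string, std::string> keyring_;  // correspondent -> public key
    std::set<std::string> pendingKeyFor_;         // who still needs our key
};

// The marking the UI would show for a given mail (assumed policy).
Security classify(const Mail& m) {
    if (m.encrypted && m.isSigned) return Security::Secure;
    if (m.overTls) return Security::Secured;
    return Security::Insecure;
}
```

Walking the model through a first contact shows the cost of the "request on first send" policy: the first mail in each direction is only as secure as the transport, and the conversation reaches the secure state on the second round trip. That is exactly the situation where the first design principle applies, so the first two mails must be marked as such rather than quietly sent.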


As my two-year non-compete agreement with Opera Software ended November 1st, I can finally publish information on my work-in-progress secure unified communications application. As a commute-to-and-from-work project the application is still far from ready, but the goals are clearly defined:

* Secure By Design. All parts will be secured, by GPG, TLS etc., and all code will be made with security in mind.
* Secure persistence. Communication will be stored in a database (currently MySQL).
* Easy to use. Users should not have to fiddle with advanced settings, it should work out of the box.
* Unified Communications. Support for secure SMTP, POP, IMAP and Exchange, and encrypted chat/voice/video.
* Standards-compliant. No code should knowingly break standards, and if new functionality is outside of existing standards, it should be made in a standards-compliant way.
* Cross-platform. It is coded in C++ using the cross-platform wxWidgets framework. As the application relies on quite a few third-party libraries (GPGME, Mimetic, libTLS, iODBC, V4L2), a couple of which are currently not available on the Microsoft Windows platform, cross-platform currently means it runs on all kinds of Linux, BSD, Solaris and Mac.
* Open source. Code will be made available under the GPLv3 license.

The name "wxMailto:" is made up of parts: partly because it uses the wxWidgets framework (where application names traditionally start with "wx"), partly because email links on the web use the "mailto:" URI in their HTML href attribute, and partly because "mailto:" is phonetically similar to "M2", the really nice mail client I worked on for quite a few years at Opera Software.