Ladar Levison, the founder of the secure e-mail service Lavabit, shut the service down in mid-2013 to avoid being forced to comply with a US government demand to turn over users’ e-mails.
Levison’s latest project is broader in scope than his original hosted e-mail service: with the aid of some fellow crypto-minded developers, he wants to change e-mail itself and build automatic encryption into its fundamental nature.
Levison is one of the members of the Darkmail Technical Alliance, a collective that also includes Jon Callas, Mike Janke, and PGP designer Phil Zimmermann, and that is currently working on a project referred to collectively as DIME (the Dark Internet Mail Environment).
DIME is to take the form of a replacement for existing e-mail servers that will use DMTP (Dark Mail Transfer Protocol) and DMAP (Dark Mail Access Protocol) to encrypt e-mails automatically by default. DIME applies multiple layers of encryption to an e-mail so that each stage of the e-mail’s journey from sender to receiver sees only the data about the e-mail that it needs to see.
Both the e-mail’s author and its recipient know who sent the message and where it was bound, but the author’s e-mail server doesn’t: it can decrypt only the part of the message that identifies the recipient’s e-mail server. The recipient’s e-mail server knows only the destination server and the recipient; it doesn’t know the sender.
Arranging these four parties in a line from left to right (author, origin server, destination server, recipient), each one is aware only of the identity of the entity directly to its left or right.
To make this work, a federated key management system handles the layers of encryption, because every entity in the DIME chain must have its own public and private keypair to encrypt and decrypt the portions of the e-mail it is responsible for.
This will work in the same manner as DNS, with each organization that uses DIME being the authoritative source for encryption keys for its servers and e-mail addresses. DNSSEC will be the preferred method for holding a domain’s e-mail trust anchor; the design also allows a TLS certificate signed by a root Certificate Authority to be used to validate keys.
The initial implementation of DIME will use a fork of Lavabit’s Magma e-mail server, but support for DIME will be expanded to Postfix and other common Mail Transfer Agents. The initial DIME server is Magma-based, with functions similar to Exchange, combining the roles of Mail Transfer Agent and Mail Delivery Agent into one monolithic server. If a user’s e-mail client (the MUA, or Mail User Agent) doesn’t support DIME, the spec allows the DIME server to transparently generate keys for the user and encrypt the user’s messages on their behalf.
According to Ladar Levison:
“You update your MTA, you deploy this record into the DNS system, and at the very least all your users get end-to-end encryption where the endpoint is the server, and presumably more and more over time, more of them upgrade their desktop software and you push that encryption down to the desktop.”
This optional mode, wherein the e-mail servers transparently do the client’s encryption for them, is called “trustful mode” and can be either a bridge for users until they have a client program that fully supports DIME, or a way for large organizations with legal discovery or regulatory requirements to use DIME while still having access to their users’ e-mails as needed. It also gives e-mail hosting companies a way to deploy DIME for hosted accounts without having to worry about which mail clients their customers are using.
Levison notes that for ciphers DIME will use “a mandated baseline that I knew was secure, but make it easy to extend upon that.” This is done by encrypting the message components with whatever alternative encryption method the administrator prefers, and then wrapping each component in the mandatory encryption scheme on top of that.
DIME isn’t yet fully available or implementable. There is a GitHub repository containing a “pre-alpha” with libraries for DIME, and the team has assembled a 109-page specifications document, but the technology isn’t yet in a state where it can be independently deployed and audited.