Ladar Levison the founder of the secure e-mail service Lavabit, was shut down in mid-2013 in an effort to avoid being forced to comply with a US government demand to turn over users’ e-mails.
Ladar Levison’s latest project is a larger scope than his originally hosted e-mail service, with the aid of some fellow crypto-minded developers, he wants to change basic e-mail and build an automatic encryption service into email’s fundamental nature.
Ladar Levison one of the members of the Darkmail Technical Alliance collective including Jon Callas, Mike Janke, and PGP designer Phil Zimmermann—is currently working on a project collectively referred to as DIME, (Dark Internet Mail Environment).
DIME is to take the form of a replacement for existing e-mail servers that will be able to use DMTP (Dark Mail Transfer Protocol) and DMAP (Dark Mail Access Protocol) to encrypt e-mails automaticly by default. DIME applies multiple layers of encryption to an e-mail to ensure that each stage of the e-mail’s journey from sender to receiver only sees the data about the e-mail that they need to see.
Both the e-mail’s author and recipient know who sent the message and where it was bound, but the author’s e-mail server doesn’t know and it can only decrypt the part of the message containing the recipient’s e-mail server. The recipient e-mail server only knows the destination server and the recipient, but it doesn’t know the sender.
Arranging these four steps in a line from left to right; author, origin server, destination server, and recipient. each step in the line is only aware of the identity of the entity directly to its left or right.
To make this work, a federated key management system handles the layers of encryption, because every entity in the DIME chain has to have its own public and private keypair to encrypt and decrypt the portions of the e-mail that it needs to be able to encrypt or decrypt.
This will work in the same manner as DNS, with each organization that uses DIME being the authoritative source for encryption keys for its servers and e-mail addresses. DNSSEC will be the preferred method for holding a domain’s e-mail trust anchor, this will also allow the use of a root Certificate Authority-signed TLS certificate to validate keys.
The initial implementation of DIME will use a fork of Lavabit’s Magma e-mail server, but will expand to have support for DIME in Postfix and other common Mail Transfer Agents. The DIME is a Magma-based server with functions simular to Exchange, combining the roles of Mail Transfer Agent and Mail Delivery Agent into one monolithic server. If a user’s e-mail client (the MUA, or Mail User Agent) doesn’t support DIME, the spec allows the DIME server to transparently generate keys for the user and encrypt the user’s messages on their behalf.
According to Ladar Levison
“You update your MTA, you deploy this record into the DNS system, and at the very least all your users get end-to-end encryption where the endpoint is the server, And presumably more and more over time, more of them upgrade their desktop software and you push that encryption down to the desktop.”
This optional mode wherein the e-mail servers transparently do the client’s encryption for them, is called “trustful mode” and can either be a bridge for users to until they have a client program that fully supports DIME, or a way for large organizations with legal discovery or regulatory requirements to use DIME but still have access to their users’ e-mails as needed. It also provides a way for e-mail hosting companies to potentially deploy DIME for hosted accounts without having to worry about what mail clients their customers are using.
Levison, notes that DIME will use for ciphers “a mandated baseline that I knew was secure, but make it easy to extend upon that.” Done by encrypting the message components with whatever alternative encryption method the administrator prefers, and then wrapping each component in the mandatory encryption scheme on top of that.
DIME isn’t yet fully available or implementable. There is a GitHub repository containing a “pre-alpha” with libraries for DIME, and the team has assembled a 109-page specifications document, but the technology isn’t yet in a state where it can be independently deployed and audited.