dr|z3d
eyedeekay: not sure we need more than one password tbh.
dr|z3d
password that encrypts storage could be the same login p/w for postman's server.
dr|z3d
unless there's an issue with that?
dr|z3d
what we could use is an in-susimail password manager for the account once logged in which may require some api tweaks server-side.
eyedeekay
That would be useful, I asked about such an API in #mail.i2p earlier
eyedeekay
I think different passwords for login and local storage is better for security in principle
dr|z3d
not buying it. if the login password is exposed when you login to susimail, then it's exposed. 2 passwords is just adding more complexity for no reward as far as I can tell.
dr|z3d
having one password means never logging into susimail with the wrong password and wondering why server login's not working.
eyedeekay
It's the other direction I'm concerned about, even if the login password becomes exposed, the local storage password is not
dr|z3d
eyedeekay: don't think it's worth worrying about.
RN
I think some of that was just prioritizing out loud ;)
dr|z3d
I mean, currently we have totally unencrypted storage, so just encrypting the storage with the login pass is better.
RN
I wouldn't want my snark dl's in an encrypted dir, unless I made it that way, but I do get the want for that
RN
but email might be a little different
RN
the user logs in to get to them
RN
if the router is off and someone can just go look at them without the router even being fired up
RN
I think clear disclosure to the users about it might be a better solution for now... I mean if they use a common mail client with pop/smtp then does that client encrypt the emails on disk?
RN
II'm pretty sure TBird stores email in a file format that's trivial to parse
dr|z3d
we're talking about susimail mail dirs, RN.
dr|z3d
thunderbird stores emails in cleartext.
RN
right
RN
so...
dr|z3d
what eyedeekay and I have been discussing is encrypting the user's susimail download dir.
dr|z3d
first off.
RN
to make susimail more appealing
RN
right
dr|z3d
and also pgp support.
RN
I was just saying of other email apps don't do it...
RN
pgp support would rank higher than enc storage
RN
imho
dr|z3d
no they don't, but they function differently.
dr|z3d
the user is lead to believe they need to login to access their e-mail in susimail.
RN
with pgp you can have the emails encrypted in stored state by default
dr|z3d
separate issue.
RN
yeah, where is that leading? but I would probably have assumed the same when I was new to I2P
RN
it's all encrypted
dr|z3d
and recipient would need to have pgp support for it to make sense.
RN
automagically protects me from being careless
RN
hehe
RN
right... so a note "if you are not deleting emails that don't use pgp encryption, be aware these emails can be read from the files withuot the router running"
RN
or such
dr|z3d
no.
dr|z3d
pgp is later. encrypted mail dir is first.
RN
both promotes better opsec, using pgp, and promotes user awareness
RN
ok, I'm listening
dr|z3d
pgp is mroe involved.
dr|z3d
to really make sense, you'd probably want an addressbook with contacts.
dr|z3d
then you can attach their pgp key and everything else is taken care of.
dr|z3d
and that also allows you to attach your pgp key to e-mails only if you the contact doesn't have a pgp keyed enabled or you're not sending to a contact in your addressbook.
RN
ok
dr|z3d
much more involved.
dr|z3d
encrypting a user's mail dir, otoh, not so much.
albat
Salut dr|z3d, j'utilise un traducteur que m'a montré RN :)
albat
Hi dr|z3d, I'm using a translator shown to me by RN :)
albat
You're there?
albat
now i have good english lol
dr|z3d
your english was fine before, albat
dr|z3d
et salut.
albat
now it's better, my beloved cockroach :)
RN
remember though albat, it does send everything to Google
albat
ok
RN
fun little find though
RN
I don't remember him saying beloved cockroach before though... do you?
RN
heheheh
mildseven
oh its a hexchat plugin :)
mildseven
is there a weechat plugin?
albat
I don't know
RN
yep. 64 bit os and 64 bit hexchat required
RN
the danger of git is you will probably find one
RN
;)
RN
if I knew rust... I'd divorce it from google and swithch to another translation engine
mildseven
rust is a great game ;)
RN
:þ
mildseven
hehe
dr|z3d
albat le caffard. he's being symmetrical.
RN
symetry can be pretty
RN
but it is the tiny variations from symmetry that are truely beautiful