Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yes, at least to begin with, we are not providing people with domains or e-mail addresses. IMAP, POP3, or run your own SMTP server...


sigh … I already have email clients that do PGP on my email that is hosted on Someone Else's Computer. It doesn't seem like Mailpile moves me a single step away from the dragnet.

When I saw the "pagekite" username on github, I immediately hoped for plug-and-play self-hosted IMAP/SMTP. Here is what I envisioned in the blissfully ignorant moments until I read what the project was actually about:

The user gets to download/buy a USB stick image / raspberry pi SD image. After plugging it into a pi or other box and turning that on, user types in the URL "mailpile" on their laptop web browser and on first run, user gets asked by web app to plug in a big harddrive for storing email on[1]. The box runs some IMAP server (dovecot?), connected to some MTA that does TLS (postfix?). The user has paid for an already setup domain name, kept in sync with the IP address of that box (which runs a dyndns-like daemon), user also gets access to some server that relays SMTP without breaking TLS (since most mail servers will not accept SMTP from just any dynamic IP). So on first run, the user also has to enter the credentials for the service they paid for, these credentials are used to let the box get its SSL key signed by the CA, tell the dyndns service that this box gets to update this domain name etc.

Now if two users run this, they don't even need PGP to communicate in an encrypted way, it looks just like any other sent email. Nor can anyone requisition their mail without breaking into their house.

So the paid service would be to get a dyndns-updatable domain name with SSL, and access to some server that relays SMTP. The service would have to dole out domain names and either be a CA itself, or be able to intermediate in the SSL key signing process.

[1] For bonus points, dejadup runs there and user gets to say "send encrypted backups to dropbox/some ssh account/some other USB drive"


This is one of the directions the project could go in, and I personally would like it if that happened. But first we have to build the software, right? :-)


but then I'm not really seeing what the advantagess over running thunderbird + engimail locally or using roundcube (which also has openpgp support built in) would be?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: