unrelated to anything but

searching for anything at all emacs intro related brings up a lot of people with very flashy css and incredible SEO telling you yeah here's what someone said on reddit. that's how emacs works we just follow instructions we don't understand

https://f-santos.gitlab.io/2020-04-24-mu4e.html

yeah you gotta use this tool. i assume you're using arch linux, because you like following instructions that aren't explained to you.

first thing about email on emacs: install openssl from arch linux repos. everyone knows this

First, you should install SSL development libraries,
sudo pacman -S openssl

i will grant this is some seriously snazzy css. but those are not the "SSL development libraries"

and also citing your sources at the top with the "install openssl using sudo" is the precise inverse of how to wield snazzy css

if it wasn't literally arch linux openssl (red links are debatably kinda cool) and the code block that announces "Shell Script" -- sir that is not a script

Reading and sending mails from within Emacs: a tutorial for mu4e

i like that it's uncomfortable to know what to call shell shit
cause it's used in really distinct ways! it has identities!
every github clone is a liability now which is cool. it's now a local liability

OMG NVM VIBES OFF THE CHARTS https://www.djcbsoftware.nl/about.html

If you have no idea what a PGP-key is, then this is as good a time as any to learn about it!

I APOLOGIZE SIR

@hipsterelectron i very deeply wish that we had made pgp and local email really easy and awesome to use instead of the privacy-theatre that is proton et al.
@emenel well so email is an IETF spec so that was never going to happen. let's not blame ourselves here
@hipsterelectron tbh it’s not like its too late. design a nice client with good/straight forward pgp support …
@emenel i would use double ratchet for anything that can be formulated as a session (x3dh is very straightforward and makes a "session" a call-and-response)
@emenel i used libsignal https://codeberg.org/cosmicexplorer/grouplink but unfortunately i think signal's new cryptographer is making terrible decisions and terrible excuses for it

A generalization of the Signal cryptographic protocols for general message encryption without a central server.

@emenel i really like this paper on double ratchet https://eprint.iacr.org/2020/148.pdf

@emenel like yes they do also play to my ego

After ratcheting attracted attention mostly due to practical real-world protocols, recently a line of work studied ratcheting as a primitive from a theoretic point of view.

i am human

@emenel i do not believe the final page of the triple ratchet is a good argument (they did two papers on it) https://eprint.iacr.org/2025/078.pdf the final final page (page 60) says "yeah we didn't mention we lose adversarial randomness, and yeah we could have done that with lattice, but the keys would be big and. mmumsad (it would mess up our benchmarks)"

@emenel the benchmarks which....are on the other last page https://eprint.iacr.org/2025/078.pdf

7.2 Effect of Chunk Encoding on Communication Costs

like sir. you can't say cost without a model. you are a cryptographer

@emenel i think it's incredibly irresponsible for something like signal, and idk why nobody can critique him. luckily, signal is the worst iteration of the tech
@emenel https://signal.org/blog/the-ecosystem-is-moving/ moxie's evil blog post which mentions internet standards as inspo
Reflections: The ecosystem is moving

At Open Whisper Systems, we’ve been developing open source “consumer-facing” software for the past four years. We want to share some of the things we’ve learned while doing it. As a software developer, I envy writers, musicians, and filmmakers. Unlike software, when they create something, it is...

@emenel this blog post was sufficiently wrong as to inspire me to (1) write the p2p signal ~which is just gpg~ (2) document his crypto for him

@emenel he obviously misses the p2p possibility. he says "federated" because federated is very easy to capture (see: mastodon).

i realized double ratchet was doing a lot of stuff like a more standard network protocol => QUIC is just double ratchet

@emenel trevor perrin consulting. but it sucks and it's worse because IETF ensures backwards compatibility is MUST for insecure bullshit
@emenel so like. i think double ratchet sessions alone (https://codeberg.org/cosmicexplorer/grouplink/src/branch/main/cli/src/main.rs) can be sent over email. and this is not a trivial thing because you can very much use this over any plaintext channel
@emenel if you have (like in the terrible prototype) a random number generator, you can do this fucked up thing that gives you anonymity by making a new identity, sending it within a message, and receive the same from your interlocutor. now you can use the new public keys
@emenel i am under the impression that this is the basic principle of onion routing
@emenel and like note to self that "rock solid double ratchet impl + curve25519 impl (which can be a dependency)" and making a wire protocol for that is imo the right place to work on since it'll be hard and have its own problems. there's also this whole thing where signal relies on a sqlite db, the prototype just appends to a file, and there will be a discussion around what security boundary to draw
@emenel grapheneos may have good advice here. in particular a double ratchet impl alone would be cool. an "impl" is nontrivial to distinguish--jordan rose (who taught me lots of stuff for free when i tried to write docstrings and was wrong) did some impressive work to take rust trait definitions and convert them into app backends. i think that's the right approach (not to tie it to a concrete serialization) but figuring out a way to specify this will be interesting
@emenel the sqlite db is not likely to be necessary. i'm not sure what would be the right answer to this at this level of abstraction. i think that will become clear from impl

@emenel the sqlite db for signal is because apps have restricted access to anything. what it provides is mapping from the byte serialization of a pubkey to the associated sessions. and in fact, i think i found that kinda wrong even for my prototype, since each session is distinct from the originating identity (bc each DH handshake is another set of completely new keypairs). in fact, i forget whether the identity key is even exposed at all........because i was also using the sealed sender approach which does tag with the sender id (but encrypted with another key)

sealed sender is kind of a hack for the server model and what i analogized to onion routing (onion packing?) works both ways, no new crypto

@emenel sorry the reason i mention all this is because double ratchet message chains having forward secrecy is something the pgp approach needs and we can do safely (not quickly or easily, but it's mature enough now imo)
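The forward-secrecy property mentioned in the post above, shown as an added example (this is not code from the grouplink repository or from Signal's own implementation). It implements only the symmetric-key half of the double ratchet: a chain key is advanced with HMAC-SHA256 on every message and a one-time message key is split off, so a copy of the chain state taken later cannot be walked backwards to earlier message keys. The DH ratchet that periodically re-seeds the chain is assumed to exist and is not shown; the toy authenticated encryption (SHA-256 keystream plus an HMAC tag) stands in for a real AEAD and is an assumption of this example only. `run_session` also models the caveat a reviewer would raise: a stolen chain key does reveal every later key in that chain until the DH step replaces it.

```python
"""Symmetric-key ratchet (the sending-chain half of the double ratchet).

Added example; not the grouplink project's code. Only the standard library is used.
"""
import hashlib
import hmac
import os


def kdf_ck(chain_key: bytes) -> tuple:
    """One ratchet step: derive (next chain key, one-time message key).

    Two distinct constant inputs give two independent HMAC outputs, and HMAC's
    one-wayness means the previous chain key cannot be recovered from the next.
    """
    next_ck = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    mk = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_ck, mk


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (assumption: stands in for an AEAD)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(mk: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a one-time message key: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(mk, nonce, len(plaintext))))
    tag = hmac.new(mk, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(mk: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; reject anything tampered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mk, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(mk, nonce, len(ct))))


class ChainRatchet:
    """Holds only the current chain key; each message key is used once and dropped."""

    def __init__(self, root: bytes):
        self.ck = root
        self.n = 0

    def next_key(self) -> tuple:
        self.ck, mk = kdf_ck(self.ck)
        idx, self.n = self.n, self.n + 1
        return idx, mk


def run_session(messages, compromise_at=None):
    """Alice sends `messages` to Bob over one chain.

    If `compromise_at` is an index, an attacker copies Alice's chain key just
    before that message is sent and ratchets forward from it. Returns
    (decrypted messages, attacker-derived keys, real message keys) so the
    forward-secrecy boundary can be inspected directly.
    """
    # Constructed: stands in for a chain key output by the (omitted) DH ratchet.
    shared = os.urandom(32)
    alice, bob = ChainRatchet(shared), ChainRatchet(shared)
    decrypted, real_keys, stolen = [], [], None
    for i, m in enumerate(messages):
        if i == compromise_at:
            stolen = alice.ck
        _, mk = alice.next_key()
        real_keys.append(mk)
        blob = seal(mk, m)
        _, bmk = bob.next_key()
        decrypted.append(open_(bmk, blob))
    attacker_keys = []
    if stolen is not None:
        ck = stolen
        for _ in range(len(messages) - compromise_at):
            ck, mk = kdf_ck(ck)
            attacker_keys.append(mk)
    return decrypted, attacker_keys, real_keys


if __name__ == "__main__":
    msgs = [b"hello", b"second", b"third", b"fourth"]
    dec, atk, real = run_session(msgs, compromise_at=2)
    print("round trip ok:", dec == msgs)
    print("attacker recovers later keys only:", atk == real[2:])
    print("earlier keys stay secret:", not any(k in atk for k in real[:2]))
```

The check that matters for the PGP comparison is the last line of the demo: with a static PGP key, one compromise decrypts the whole mailbox, whereas here the compromise at message 2 yields nothing for messages 0 and 1. The flip side (keys 2 and 3 are exposed) is why the chain must be re-seeded by a DH exchange, which is the work the thread points at in the grouplink prototype.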

there is another goal after that

@emenel and it ends up being a whole thing, but basically anonymity is possible and not difficult to codify and cryptographers don't wanna do it, because academic crypto is boring and also captured

and the work i can find on tor and i2p does not have any theory of this--the i2p paper i could find was terrible and i doubt it was representative.

but anonymity and ddos resistance are.....not in conflict

@emenel one trick is constant bit rate to all peers at all times. that's not easy but it makes timing by bandwidth not a thing. haven't seen people mention this? tor does not do it?
@emenel the other part is just.....tor and i2p are like "everyone is equally trusted to start" like that's a normal thing to assume. no?
@emenel this is why taking multiple paths for messaging increases deanonymization, because you send to completely random people, and the state has more compute than you
@emenel one interesting point about double ratchet creating a "session" is that it also provides a natural point to negotiate your bandwidth requirements and type of data together. which is a useful and important and nontrivial interpreting for multiple sessions between nodes! and now we're really grooving
@emenel the finishing touch comes from louis pouzin https://en.wikipedia.org/wiki/Internetworking#Catenet

@emenel which is: you can maintain these negotiated sessions with specific peers through completely ephemeral identities, and define a source routing protocol through them. this is bootstrappable, so you can discover peers from B->C, C->D, further--although at this point it becomes significant to distinguish:

  • node identity
  • user identity
  • key identity

maybe more or less. but this is not yet quite enough