Simple Summary
Sign/decrypt messages and sync with network on an airgapped computer.
Abstract
It should be possible to compose a message including envelope type, receiving address, attachments, etc., and encrypt it entirely offline using the web interface on an airgapped computer, to produce some file that can be transferred to any other machine running Mailchain, which would then publish the pre-signed and encrypted message to the network.
Motivation (*optional)
Because private keys are so valuable in a blockchain ecosystem, entrusting software with them simply to send a message, when there may be millions of dollars of value stored by the private keys, seems like a terribly imbalanced and risky scenario. Passphrase-protecting private keys has limitations such as keyloggers, etc., and a much better form of protection is never allowing keys to ever be present on a networked machine. I would like to be able to sign/encrypt/compose Mailchain messages offline in the same way I can sign any Ethereum transaction offline, before passing it via sneakernet to a networked machine to propagate to the network.
Specification
This would require outputting a completely signed and encrypted message including attachments in a portable file format that could be interpreted by any other Mailchain server. This would likely require some new features not present in the current implementation. Secondly, in order to keep the airgapped computer up to date, and to open messages on it, there would be some format for network state snapshots that could be downloaded by any networked Mailchain server and physically transported to an offline machine in order to receive messages. This may not require any new work to implement, and could be as simple as copying and pasting folders from a networked machine to an airgapped one.
Rationale
Ideally private keys would never have to be present on a networked machine.
Backwards Compatibility
The encrypted message file would require some new way to be interpreted by a Mailchain server. It would not require breaking any message formatting. The network state snapshot likely requires nothing breaking.
Test Cases
A useful test would be to set up two Mailchain instances at the same time, one on a networked machine and one on an airgapped machine. Then messages should be composed and encrypted on the airgapped machine over the course of a significant amount of time, and messages from other users should be composed and sent to the user of the airgapped address. Finally, after a significant amount of time, all of the messages on the airgapped machine should be passed to a networked Mailchain instance to see what issues may have been caused by the flood of messages one after the next that are dated as having been composed well into the past. Finally, a snapshot of the current Mailchain network should be downloaded and transferred to the airgapped machine to see if all messages intended for the airgapped recipient were received.
Related MIP
N/A