Summary: Brainstorm for the design of a secure, decentralized (peer-to-peer) replacement for email.
- Secure p2p messaging; Decentralized messaging platform (no centralized server).
- Do not rely on central Certificates of Authority (CA).
- Leverage modern environment where users have multiple, always-on devices.
- Enable client-side implementations of modern email features, such as search, tagging, filtering, and so on.
- Trustless, p2p, open source.
- Support mobile and desktop.
- Each user device (e.g. desktop, laptop, phone, pad) runs a local client/server app.
- User connects multiple devices via VPN using Perfect Forward Secrecy
- All user devices are synced with outgoing and incoming messages.
- Messages are sent directly to recipient via secure PFS connection; does not rely on central CA.
- Message can be routed to any of recipient’s devices that are online; offline devices are synced when they come online.
- Messages are queued on sender’s devices until recipient comes online.
- Messages are stored encrypted on client’s devices.
- Search is built into client apps using techniques for searching encrypted data:
- Build on Apache Wave where each user runs a personal Wave server.
- Wikipedia: Apache Wave
- Apache Wave Project
- GitHub Repo
- Wave Protocol
- Wave Federation Protocol: Wave Providers
- Wave Summit Talks
- Wavelets: User data is not federated.
- Use Dynamic DNS to enable senders to find recipient devices.
- Run a personal router on Heroku to enable mobile messaging.
Comments and ideas welcome.