networkimprov / mnm

mnm implements TMTP protocol. Let Internet sites message members directly, instead of unreliable, insecure email. Contributors welcome! (Server)

Home Page: https://mnmnotmail.org

License: Mozilla Public License 2.0

Go 99.13% Shell 0.87%
chat e-mail email golang imap jmap linux macos messaging smtp tmtp windows xmpp

mnm's Issues

protocol: Create RFC draft

Hi all!
I would like to understand more deeply how the TMTP protocol works. A good part of the protocols is in some RFC, for example:
- here: ietf\standards\rfcs or
- here rfc-editor.org or
- here datatracker.ietf.org
2. But... I would like to know if you guys have already thought about adding the TMTP protocol in the RFC?
3. I didn't find much information about the TMTP protocol in these links I mentioned above.
4. If anyone can clarify these doubts I would be happy for the feedback.

Authentication by third parties on registration & login

A publicly accessible mnm site needs ways to identify & authenticate people registering new accounts. Possibilities include:

A private mnm site needs ways to limit registrations & (often) logins to specific people or groups. Possibilities:

  • LDAP
  • Kerberos

A mnm site shall be able to require authentication on registration & login, or only registration. Private sites would typically require both; public sites would not (as that means a third-party action can deny someone access to email).

FAQ: general security/privacy issues

Hello everyone!

disclaimer

  • I would like to know how the aspect of the security layer, privacy of the tmtp protocol works. So, recently, I read some reports or experiences about the security layer of tmtp. And I would like to know if the reports or experiences shown here make sense.
  • I'm confused to understand how the tmtp protocol works, maybe I don't have much knowledge in networks or network protocols. I say that I'm confused, because I didn't find relevant information about the doubts I have here. Note: I plan to someday use the tmtp protocol for a use case.
  • Perhaps the security information is not enough to understand the security aspect of tmtp yet. I believe my question can help many users. If someone can answer my questions, I would be happy for any answer.
  • The purpose of my question being related to the report or experience I leave here is to bring useful information to anyone interested in the mnm protocol. I say this because I don't want you all to think that such a report or experience told here serves only as an empty or baseless criticism.
  • I would like to say that I have a genuine doubt to understand how things work, why they work and why they are important or not.
  • I searched the internet for everything I could find about reports or experiences with tmtp and found this one.

report and experience

"SMS is really any more secure than email with TLS. phone provider can read it as well, same as email providers when the emails are not encrypted.

Also you just need one malicious app on your phone that has the sms reading permission, or sometimes an attacker just needs one call to your tel-co provider to convince them to send them a replacement sim card which they can use to read all your sms and steal all your accounts that are foolish enough to consider SMS a second factor.

So no SMS is not really more secure or private than email with TLS transport encryption between providers (which is standard these days).

Now about tmtp, if you read their site you will notice that it’s completely different from email architecture wise. It’s not compatible with email the way POP and JMAP are. Also the companies can directly collect the user’s ip address (and thus also their rough location), because users connect directly to the companies server. Also TMTP is for business <-> customer, not for normal usage from what I can tell."

general questions

  1. Does this report or experience make sense?
  2. How is tmtp protocol better than email with tls?
  3. Is the tmtp network protocol an alternative to the smtp network protocol or is it similar to the smtp network protocol?
  4. Why can't tmtp be compatible with JMAP and POP?
  5. Is there any way to add pop and jmap compatibility to tmtp?
  6. Is the tmtp network protocol only for business? or could it be used for end users too?
  7. Can companies directly collect user's IP address and approximate location with tmtp?
  8. Is it possible to use things like proxy, vpn, tor in tmtp to avoid approximate location?
  9. What are tmtp security recommendations for better use?
  10. TMTP is more secure than email? if yes, why?
  11. What are the use cases that tmtp could not or should not be used?
  12. Is tmtp similar to IRC network protocol?
  13. tmtp is a non-realtime chat?
  14. how does tmtp prevent things like spam?
  15. what are the pros and cons of tmtp?
  16. Is it necessary to use Things like email use PGP: Pretty Good Privacy, for encrypting messages in tmtp?
  17. what are the algorithms used to encrypt messages in tmtp?

If anyone can answer one or more questions, I will be happy for any answer.

TMTP over HTTPS (nec for AppEngine?)

Most stuff I write today runs on AppEngine, but I'm looking favourably at Cloud Run or AWS Droplet. These systems favour short connections and cost nothing when inactive. Presuming a mail system ran over https, and didn't use long connections, almost anyone could setup their own server for next to no cost (or simply fit within free tier) and utilising any available storage system.

TMTP seems comparatively complicated (firewalls, database...) and costly, needing to be active all the time.

I also imagined that users would pass providers/other users a token (through something like OAuth), giving (revocable) permission to send them email. It's not clear to me how this is done - apologies if I've missed critical document portions.

mnm with docsify in github pages?

Hey everyone!

I was thinking about creating a documentation site about mnm.

url: https://docsify-this.net/?basePath=https://raw.githubusercontent.com/networkimprov/mnm/master&homepage=Protocol.md&sidebar=true#/

my idea

Note: Added a pull-request about this issue, idea - please see this: add docs in mnm.

concept

What do you think of the idea?

more security and privacy with mnm: tor & mnm

Hi everyone.

I was thinking today how to make the mnm protocol more secure, private and anonymous. One of my concerns with the mnm protocol is its security, privacy and anonymity. The architecture of mnm is different from email, in that sense my concern would be that companies directly collect the user's IP address (and therefore also their approximate location) - this concerns me to some extent as there are general user data protection laws. In relation to this question and also a concern of mine comes the idea of using tor routes, which allow you not to know the initial or final ip of any user on the network.

I believe this can be an advantage to add a layer of security, privacy and anonymity for mnm. I believe that with tor-mnm it is possible to have higher security than email. Things like e-mail use pgp(Pretty Good Privacy) which is for encrypting messages, and there are temporary e-mails for sending and receiving messages, as well as tor routes to hide the starting or ending ip of the user.

As mnm is a different protocol from email, I wonder if there would be a need to have the route: tor in mnm. So with this hide the user initial or final ip, and thus ensure greater security, privacy and security with mnm.

An alternative to the tor route - is to use things like proxy, vpn. But things like proxy, vpn depend on your provider's trust. This trust in the provider - this also involves to some extent: privacy, security and anonymity too. In the case of the tor route, all ips change with each connection or network node.

About message encryption, which is another topic here. I would like to know if there is a pgp(Pretty Good Privacy) in mnm to send and receive encrypted messages.

These are questions and not a feature request. What do you all think of this idea of tor routes in mnm and the idea of using pgp(Pretty Good Privacy) encryption in mnm?

What do you think of this idea?

@networkimprov Hi! How are you?

Recently opened a feature request for Protonmail to support TMTP protocol. As I see it as Protonmail focuses on privacy, it would make sense to substitute smtp for TMTP.

1. Why?

  • If there are many famous programs using the TMTP protocol I believe this would be pretty cool.
  • Concept: A feature, function, or application of a new technology or product which is presented as virtually indispensable or much superior to rival products. killerapplication So... I would like Protonmail to have support TMTP protocol. This would represent a standout or partnership between 2 open source community.
  • What do you think about this idea?

2. "List of possible partners for the TMTP protocol"

3. References

nginx proxy

Is there a way to point nginx at the server?

create TMTP architecture doc

(This is in response to a request for feedback on golang-nuts)

Proposals to replace SMTP are not new. I am old enough to remember a proposal called IM2000 by no less than the legendary Daniel J. Bernstein[^1] (expanded by others). You can Google for the details, but in short, it didn't go anywhere. One repudiation which is still online is here.

For this new proposal, what I'd really like to see is a proper architectural description, not just a bits-and-bytes protocol. Who are the participants? What roles do they take? How do intermittently-connected nodes participate, and nodes with dynamic IPs? What's the lifecycle of a message? How are messages routed? Is the DNS involved, and if so, how? Are messages relayed via multiple nodes? What are the trust relationships? Then it becomes possible to see what the tradeoffs are between this and SMTP - what problems it solves, which ones it doesn't, and what new ones it generates.

The protocol description talks about "clients" and "servers", and that a client must "login or register" to a server, but that's all. Within your own domain of trust, that's clearly fine. What about a server in my organization contacting a server in your organization? How are those relationships set up - manually?? Is there an N^2 full mesh, or do some nodes act as transit nodes, or something else? Or is the proposal implying that every client has to register directly with every server that hosts one of their contacts?! None of this is clear.

In short, how is it proposed that this will work on the Internet at large, for messaging outside your own organization? What's the sequence of events which permits user X at organization A to send a message to user Y at organization B? Nobody wants a new private messaging system[^2].

Currently the only architectural documentation I can find is a list of goals. For example, one of those goals is "Messaging services must be able to control how members identify themselves to other members and prevent members from impersonating others." However I cannot find anywhere that describes how this new mail architecture and protocol proposes to achieve this goal.

Some of the other stated goals are clearly achievable within the current SMTP/IMAP architecture. For example: "Every organization, whether tiny or enormous, needs a members-only messaging service that cannot receive traffic from external or unapproved senders." You can easily configure a mail server that accepts SMTP submissions on port 587 from authenticated clients only, and does not accept incoming mail on port 25. Job done.

MNM also seems to propose writing new E-mail clients from scratch to work with this protocol. It seems to me it would be simpler to support existing IMAP and SMTP-submission protocols, and then you could point any existing client at it. However this is just speculation on my behalf, without knowing what the proposed architecture is for nodes communicating using TMTP.

I'm sorry if this comes across as negative. Maybe from the inside, it's "obvious" to you what the architecture is - but for me, it's not. If you want this proposal to have traction, then I believe that explaining the architecture is a necessary step.

The equivalent for SMTP is RFC2821 sections 2.1, 2.3, 2.4, 3.6-3.8, 5 and 6.


[^1] Best known as a cryptographer and mathematician, but also the author of qmail and ezmlm, so he certainly groks how E-mail works.

[^2] xkcd: 927, 1810, 2365.

FAQ: mention JMAP

It's my understanding that JMAP offers a similar client/server protocol but has gone through intensive usage at Fastmail, is implemented in Cyrus and Apache James while Dovecot is working on it (although, not entirely sure of status).

It's also an IETF spec, see RFC8620, RFC8621, RFC8887

Although, perhaps it's simply my misunderstanding and TMTP is more targeted to server-to-server communication? I still think it would probably be a good idea to take inspiration and/or try to consolidate the efforts and take definitions from there.

Sorry if it's inappropriate!

FAQ: mention tmtp vs nostr

Hi.

I would like to know the difference between the tmtp and nostr protocol. So, what is the technical difference between these two network protocols: tmtp and nostr ?

why are you writing here?

  • I didn't find any information about the difference between tmtp and nostr.
  • In the mnm documentation it talks about tmtp being an alternative to jmap, smtp. But about nostr there is no mention of network protocol. Being that, the nostr in a certain way is also an alternative to the smtp.
  • This is not a feature request, but a technical question.

(question/idea): service-demo like app from ui?

Hey there! I would like to make an app with react-native for mnm, in this way to have an mvp(minimal value product) or poc(proof of concept). My general idea would be to create something mvp+poc of service-demo to verify the possibility of building a base of users for mnmnotmail. This is my general idea to help the mnmnotmail community.

before

after

Please, see this ayhan/next-tailwind-whatsapp-telegram

I hope to have a similar experience with Whatsapp, Telegram when having mnmnotmail installed. Telegram, Webchat, Facebook, Discord, YouTube, Whatsapp design is very easy for most users around the world. I'm thinking of using the design base of Telegram and Whatsapp to offer a common experience with mnmnotmail.

I want the mnmnotmail community to say if the idea can be good or is a waste of time.

question: Is it possible to have temporary addresses with the TMTP protocol?

Hi all!

I have an interesting question, at least I find it initially interesting. Is it possible to have temporary messages with the TMTP protocol?

1. Context of the question

  1. One of the things I don't really like about email is that email doesn't support temporary messages. Sometimes you access a website and need to register for it. However, this site keeps sending you a lot of messages. Some messages are spam, programmed. An alternative to this, it is very common to use temporary emails.
  2. With a temporary email, you can register on one or more sites without necessarily committing to receive notifications.
  3. Because... bearing in mind, that after a temporary email is created - it is unique after some time. And the messages you receive by email are deleted as well.

2. Why is this interesting, relevant?

  1. This might be interesting for better security and privacy for users, given that users could have temporary messages to be deleted on the server. What prevents or can prevent if the server is compromised that users have messages read by anyone.
  2. Also, this prevents the server from being overloaded... I think of this idea, because as the messages are being deleted it takes up more processing space on the server side.
  3. Perhaps this is innovative, as most emails do not have this feature. Generally, deleting messages is sometimes manual. That way everything would be more automatic and customizable, which would make it much easier for users and the system itself, the server itself.

3. Notes

  1. We can cite as an example the tempmail site that deletes messages after 24 hours.
  2. There is pastebin where everything that is stored can be deleted according to a time that the user himself defines.
  3. When I talk about pastebin or tempmail, I'm just referencing these two services or software as a bibliographic reference here,
  4. My intention is not to promote them, but to analyze the features that both software have to see if it makes sense for the TMTP protocol to support such features as for example: temporary messages or messages defined for a while
  5. I would be happy to know if this has already been thought or not, or if the idea I put here is good or bad
  6. This is a question and not a feature request.

4. References

  1. https://temp-mail.org/en/
  2. https://pastebin.com/
