l.p.a.a. - lentil, pea and ashes
l.p.a.a. is a messaging system designed to be resilient against content and
communication network analysis, network failure or blockade.
Prototype (PoC) implementation as local POP3/SMTP gateway
Implementing the first lpaa client as POP3/SMTP gateway has the advantage of easy adoption.
Later generic clients should implemented into dedicated client messaging programs.
Beware: implementing a local, unauthenticated message gateway is a security risk!
ANY program on the local computer could use it to send or read messages.
Please treat this suggestion as what it is: a first prototype, a usable quicly implemented proof of concept.
- Such a gateway MUST NOT be run on machines that are used by multiple users simultaneously.
- The gateway it a local service listening on 127.0.0.1, thus can be used without extra network protection (on single-user systems even without authentication).
- The gateway accepts "mail" only to addresses towards USERNAME@lpaa - where USERNAME is a valid nickname in the local lpaa address book. if the user adds +ALL to the nickname (i.e. USER+ALL@lpaa), the message MUST be sent via all known valid addresses. With the appendix +ALLKNOWN ist MUST be sent to all known addresses (see above).
- The lpaa gateway MUST NOT be run in DAEMON mode or fork into background.
- The gateway MUST be manually started by the user, who MUST provide a passphrase to unlock the address book.
- The program CAN periodically poll all known servers/URIs for new messages. It SHOULD NOT allow polling more often than every 15 minutes.
- The program SHOULD discourage automatic polling when using mobile networks (GSM, UMTS, ...) to help prevent user location tracking via IP addresses
- Mail headers are constructed from lpaa, creating
- From: USERNAME@lpaa
- To: NICKNAME@lpaa
- Subject: the first line of the text file, index.txt file or <title> of the index.html file
- Content-Type: + Content-Transfer-Encoding: + MIME-Version: as needed when not plain text messages
- The Daemon SHOULD NOT offer a web server / web interface to prevent information leakage via hijacked browsers.
- ...not yet - currently a(nother) review of the protocol design is done.
For details on licensing and support please see there.
This software is published under
This software is published under a MIT License",
an open source license.