The risk analysis has been updated (https://bitbucket.org/flowingmail/protocol/commits/all).
The following chart represents the requirements (green) and risks present in the risk analysis.
The color of each risk reflects its severity and likelihood after the mitigation, ranging from red (high severity and likelihood) to cyan (low severity and likelihood).
There have been considerable changes since the first version of the protocol:
- a proof of work is now necessary to send an email: because the block that initiates the email must be indistinguishable from the blocks that contain the mail content, the sender must form the initiation block so that its SHA2 hash is really close to the recipient’s ID, so that it reaches the intended node. The difficulty of the proof of work depends on the number of connected nodes, but this will most likely force the use of a GPU to calculate the hash
- the recipient must try to decrypt all the blocks that it receives for storage because it may receive a mail initiation block that specifies the ID of the first mail’s block
- the modified protocol distributes the information better between the nodes
- the “BitTorrent” way of transferring data is not used anymore: this prevented a uniform distribution of the blocks between the nodes
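
To make the proof of work in the first item concrete, here is an added sketch (not code from the FlowingMail project) of a sender searching for an initiation block whose hash lands close to the recipient's ID, and of the single-hash check on the receiving side. It assumes SHA-256 as the SHA2 variant, measures "closeness" as the number of leading bits shared with the recipient's ID, and sets the difficulty to ceil(log2(connected nodes)); the nonce layout and all function names are hypothetical.

```python
import hashlib

def shared_prefix_bits(a: bytes, b: bytes) -> int:
    """Count the leading bits that two equal-length byte strings share."""
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return len(a) * 8 - diff.bit_length()

def required_bits(node_count: int) -> int:
    """Assumed difficulty rule: ceil(log2(nodes)) matching bits, so the hash
    is expected to be closer to the recipient than to any other node ID."""
    return max(node_count - 1, 0).bit_length()

def mine_initiation_block(payload: bytes, recipient_id: bytes, bits: int):
    """Try nonces until SHA-256(nonce || payload) shares `bits` leading bits
    with recipient_id. Returns (block, hashes_tried); expected work is 2**bits."""
    nonce = 0
    while True:
        block = nonce.to_bytes(8, "big") + payload  # hypothetical block layout
        digest = hashlib.sha256(block).digest()
        if shared_prefix_bits(digest, recipient_id) >= bits:
            return block, nonce + 1
        nonce += 1

def verify_initiation_block(block: bytes, recipient_id: bytes, bits: int) -> bool:
    """One hash is enough for a storing node to check the sender's work."""
    digest = hashlib.sha256(block).digest()
    return shared_prefix_bits(digest, recipient_id) >= bits

if __name__ == "__main__":
    # Constructed sample values, not real FlowingMail identifiers.
    recipient_id = hashlib.sha256(b"constructed recipient key").digest()
    payload = b"constructed stand-in for the encrypted initiation data"
    for nodes in (16, 1024, 65536):
        bits = required_bits(nodes)
        block, tried = mine_initiation_block(payload, recipient_id, bits)
        assert verify_initiation_block(block, recipient_id, bits)
        print(f"{nodes:>6} nodes -> {bits:>2} bits, {tried} hashes tried")
```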
The first draft of the protocol will be published shortly.