From 9063b77e19823d6efb6d151474f50cd6b76302b3 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Tue, 23 Jan 2024 10:20:19 +0100 Subject: [PATCH] Finalize the "concepts" part --- content/documentation/design/_index.md | 20 ++++++++++++++++--- .../design/per-user-encryption.md | 5 +++++ .../design/unbreakable-mailboxes.md | 6 ------ 3 files changed, 22 insertions(+), 9 deletions(-) delete mode 100644 content/documentation/design/unbreakable-mailboxes.md diff --git a/content/documentation/design/_index.md b/content/documentation/design/_index.md index efbdce8..57e698a 100644 --- a/content/documentation/design/_index.md +++ b/content/documentation/design/_index.md 
@@ -7,13 +7,27 @@ template = "documentation.html" ## Goals + +**Highly resilient** - Multiple instances of Aerogramme can been run in parallel without coordination. +Multi-region support, survive datacenter failures. + +**Easy to operate** - Transparently replicate mailbox and solve conflicts. Integrate with your LDAP server. Privacy friendly + +**Per-user encryption of mailboxes.** +Can be run as a local proxy to hide your mailbox content from the server. + + ## Main concepts -[Per-user encryption](@/documentation/design/per-user-encryption.md) - TODO +[Per-user encryption](@/documentation/design/per-user-encryption.md) - Aerogramme can't persist data in plain text, +instead its whole data model is built upon the idea that a mailbox is a series of encrypted blob. These blobs do not reveal +the mailbox name, the metadata of stored emails or even the flags that have been put on them. -[Unbreakable mailboxes](@/documentation/design/unbreakable-mailboxes.md) - TODO +**Continuous Mailbox Merging** - As multiple instances of Aerogramme can be run simultaneously, and that's possible +that 2 instances interact with the same mailbox (over Garage), each process monitors external writes for the mailbox +they track and automatically do the merging [in a correct way](@/documentation/internals/imap_uid.md). **Modular design** - Login and Mailbox storage is abstracted behind an interface: multiple implementations are thus possible. -**Micro-service** - Stateless. 12 factor app. +**Microservice** - Aerogramme is stateless and tries to adhere as much as possible to the [12 factor app](https://12factor.net/) principles so it's easy to run in a cluster. diff --git a/content/documentation/design/per-user-encryption.md b/content/documentation/design/per-user-encryption.md index 14382e3..64335fa 100644 --- a/content/documentation/design/per-user-encryption.md +++ b/content/documentation/design/per-user-encryption.md 
@@ -8,6 +8,11 @@ Aerogramme can't store plaintext data, instead all users data must be encrypted Of course, cryptography is always a tradeoff with other properties (usability, compatibility, features, etc.), so the way the key is derived and where the encryption/decryption can take place can be configured. +## Compared to PGP + +PGP only encrypts the body of the email, it keeps in cleartext the metadata of your email (fields like From:, To:, or Subject: are readable by an attacker), +it can't protect your flags, your mailbox names, etc. Conversely, all this data is encrypted in Aerogramme. + ## Security flavors These different configurations are identified as flavors: diff --git a/content/documentation/design/unbreakable-mailboxes.md b/content/documentation/design/unbreakable-mailboxes.md deleted file mode 100644 index 26cd757..0000000 --- a/content/documentation/design/unbreakable-mailboxes.md +++ /dev/null @@ -1,6 +0,0 @@ -+++ -title = "Unbreakable mailboxes" -weight = 20 -+++ - -Test
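Review bot: In the `_index.md` hunk, the new Goals block leaves "Privacy friendly" as plain trailing text on the "Easy to operate" line and bolds "**Per-user encryption of mailboxes.**" instead, so the third goal renders as part of the second. To match the other two goals it should probably read `**Privacy friendly** - Per-user encryption of mailboxes.` In the same hunk, the per-user encryption summary says Aerogramme "can't persist data in plain text", while the goal text says it "Can be run as a local proxy to hide your mailbox content from the server". A reader can take the first sentence to mean the server never sees content, so the summary should state that the guarantee covers persisted data and that hiding content from the server is what the local proxy mode is for. Wording fixes: "can been run" should be "can be run", "a series of encrypted blob" should be "blobs", and the "Continuous Mailbox Merging" sentence needs its agreement fixed, for example "it is possible that two instances interact with the same mailbox (over Garage), so each process monitors external writes to the mailboxes it tracks and merges them automatically".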
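Review bot: The added "Compared to PGP" section in `per-user-encryption.md` says header fields are "readable by an attacker" without naming which attacker, and then claims "all this data is encrypted in Aerogramme" without the qualification the context line just above it already makes, namely that where the encryption/decryption takes place is configurable. Suggest naming the adversary the comparison is about (for example someone with access to the stored data, given the page's opening statement that Aerogramme can't store plaintext data) and pointing to the "Security flavors" section that follows for what each flavor hides and from whom, so the paragraph is not read as an unconditional claim. The first sentence is also a comma splice; ending it after "the body of the email" and starting a new sentence would read better.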