Cables communication implements secure and anonymous communication using email-like addresses, pioneered in Liberté Linux. Cables communication is Liberté's pivotal component for enabling anyone to communicate safely and covertly in hostile environments.
What makes cables communication special?
- Although cables communication is independent of the transport protocol, its primary purpose is to facilitate message exchange over anonymous networks like Tor and I2P
- Cables communication utilizes the CMS standard with X.509-based key management for signing peer keys and for encrypting messages; perfect forward secrecy makes communication resistant to potential future compromise of users' certificates; the transport-independent protocol is resistant to short-term and long-term man-in-the-middle attacks
- Usernames that are used for communication are certificate hashes, which themselves guarantee the sender's authenticity
- Messages are encrypted and authenticated by deriving shared Diffie-Hellman keys and MACs, and it is therefore impossible to prove authorship of messages to third parties after the fact
- It is impossible to determine whether a host supports cables communication, unless the username (a certificate hash) is known
- The protocol is stateless and asynchronous, based on short push messages with the other end responding with a series of file pulls; there is no real-time parameter negotiation
- Once a message has been accepted for delivery, it is either delivered to each destination when both parties are online (with a receipt to the sender), or the sender is notified about delivery failure after a preset timeframe; messages are never lost in transactional filesystems
- A regular email client can be used as the user interface, with the cryptography entirely transparent to the end-user
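The following is an added illustration, not code from the cables project or from the original page, of why a MAC keyed from a shared Diffie-Hellman secret cannot prove authorship to a third party: the recipient holds the same key and can produce an equally valid tag. The toy group, the key-derivation label and all function names are assumptions chosen for the example, not the cables protocol's parameters.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2**127 - 1
# with generator 3. Real systems use a standardized large group or curve.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private, public) for one ephemeral Diffie-Hellman exchange."""
    priv = secrets.randbelow(P - 3) + 2  # uniformly in [2, P-2]
    return priv, pow(G, priv, P)


def derive_mac_key(own_priv, peer_pub):
    """Hash the shared DH secret into a MAC key (label is hypothetical)."""
    shared = pow(peer_pub, own_priv, P).to_bytes(16, "big")
    return hashlib.sha256(b"mac" + shared).digest()


def tag(mac_key, message):
    return hmac.new(mac_key, message, hashlib.sha256).digest()


def verify(mac_key, message, mac):
    return hmac.compare_digest(tag(mac_key, message), mac)


def demo():
    a_priv, a_pub = dh_keypair()  # sender's ephemeral pair
    b_priv, b_pub = dh_keypair()  # recipient's ephemeral pair
    a_key = derive_mac_key(a_priv, b_pub)
    b_key = derive_mac_key(b_priv, a_pub)

    sent = b"constructed sample message"
    sent_tag = tag(a_key, sent)
    # The recipient can tag text the sender never wrote, using the same key.
    forged = b"constructed text the sender never wrote"
    forged_tag = tag(b_key, forged)
    return {
        "same_key": a_key == b_key,
        "recipient_accepts": verify(b_key, sent, sent_tag),
        "forgery_verifies": verify(a_key, forged, forged_tag),
    }


if __name__ == "__main__":
    print(demo())
```

The recipient is still assured of the sender's identity, because only the two holders of the shared secret can compute a valid tag; a third party shown the transcript cannot tell which of the two produced it.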
How does cables communication work?
Initially, user identity certificates and host identity keys (presently, for Tor hidden service and I2P eepSite) are generated, resulting in two permanent addresses, in the form of gb24hw2h…@5rfvhdhb…dcw6.onion and gb24hw2h…@ukeu3k5o…dkdq.b32.i2p. That's it: you can configure an e-mail client like Claws-Mail to communicate with other cables communication users with either of these addresses; source and destination(s) do not need to use the same host identity types either. Once the source and one of the destinations are online, the message is delivered, and the source receives an authentic acknowledgement. Signing/encryption and decryption/verification are handled transparently to the user, and do not rely on the security of underlying network transport. If the message times out after several days, the sender is notified as well. Cables communication is simple, robust, and safe; see also the Security section.