The Simple Messaging and Identity Management Protocol


Hello World! - Introducing SMIMP

08 Jul 2014

I'm Adam Caudill, the primary author of the soon-to-be-released SMIMP specification. SMIMP was born out of a series of conversations about email, and the pain around email security; those that have worked on this project share a common belief:

Email, as we know it today, is fatally flawed. Any attempt to fix the security issues will simply add complexity and increase the attack surface. For an email-like system to achieve the security and privacy goals that the modern world requires, the protocol itself must be designed with security in mind, with each and every decision made. Here, the authors of email failed; SMIMP was created to start a meaningful conversation about how to correct their mistakes.

I recently wrote about the issues around email, and somewhat subtly announced the existence of this effort.

The end goal here is to start a conversation, to get people talking about how to solve the problem - and to suggest a viable answer to that question. In the end, personally, my goal is to see the world using a more secure system than email as we know it will ever be able to achieve. Hopefully, this project will help make that a reality.

Current Status

Currently, the first public draft is nearing completion. Access is currently limited to a few reviewers, to prevent too much complaining about the parts that haven't been completed yet. The plan is to release the draft on or before August 4th, 2014. The draft will be posted to GitHub, to make it easy for anyone to submit changes. While access is a bit limited at the moment, this will be a free and open standard - released under a very liberal license. Free for anyone to implement, change, or use as they like.

The hope of all those involved is that the community will give the specification a thorough review, and provide feedback to help make the protocol what's needed to provide a wide scale, open messaging system to compete with legacy email.

Taylor Hornby has agreed to perform an audit on the specification, and it should be complete prior to the first public release. This should help clear up any security issues from the start.

There has been quite a bit of interest in this protocol based on the little that's been published so far - I have high hopes that once the draft is available, we'll see quite a few implementations.