From 27bc6148c4aa9f6414d4ebf7e6472690fc42f371 Mon Sep 17 00:00:00 2001 From: Oskar Thoren Date: Thu, 29 Aug 2019 14:34:47 +0200 Subject: [PATCH] mailserver security considerations, stumps and elaborate a few --- status-whisper-mailserver-spec.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/status-whisper-mailserver-spec.md b/status-whisper-mailserver-spec.md index bfdef8b..3173702 100644 --- a/status-whisper-mailserver-spec.md +++ b/status-whisper-mailserver-spec.md @@ -31,4 +31,24 @@ TBD. ## Security considerations +### Confidentiality + +All Whisper envelopes are encrypted, and a mailserver node can't inspect their contents. + +### High-availability + +Since mailservers rely on being online to receive messages on behalf of other clients, this puts a high-availability requirement on individual nodes. + +In practice, it is best to treat individual nodes as a form of a cache, and ensure consistency of messages at a different layer. See data sync layer. + +### Altruistic and centralized operator risk + +TBD. + +### Privacy concerns + +In order to use a mail server, a given node needs to connect to it directly, i.e. add the mail server as its peer and mark it as trusted. This means that the mail server is able to send direct p2p messages to the node instead of broadcasting them. Effectively, it knows which topics the node is interested in, when it is online as well as many metadata like IP address. + +### Denial-of-service + TBD.
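Review bot: In the new Confidentiality section, "a mailserver node can't inspect their contents" reads as a broader guarantee than the rest of this hunk supports. The Privacy concerns section added a few lines later says the mail server knows which topics the node is interested in, when it is online, and metadata such as its IP address. Suggest scoping the Confidentiality sentence to the envelope payload and pointing to Privacy concerns for what stays visible. Under High-availability, "See data sync layer." has no link or section reference, so the reader cannot tell which document defines the consistency guarantee; link it. In Privacy concerns, "mark it as trusted" should say what trust grants the mail server beyond sending direct p2p messages, since that is the security-relevant part. Minor: the added text mixes "mailserver" and "mail server", and "many metadata" should be reworded (for example "other metadata such as IP address").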