[Dovecot] server side private/public key
Jan-Frode Myklebust
janfrode at tanso.net
Mon Nov 11 19:04:35 EET 2013
Server-side private key probably doesn't protect against much, but a way for users to upload a public key and automatically encrypt all messages when received might have value. Limits exposure for messages at rest.
-jf
> On 11 Nov 2013, at 15:21, Peter Mogensen <apm at one.com> wrote:
>
> Christian Felsing wrote:
> > Please consider adding server-side private/public key encryption for incoming mails.
> > If client logs on, the password is used to unlock user's server-side private key.
> > If mail arrives from MTA or any other source, mail is encrypted with user's public key.
> > Key pair should be located in LDAP or SQL server. PGP and S/MIME should be supported.
>
> > This is for the situation if NSA or other organizations ask admin for
> > users' mail insistently,
>
> So ... exactly which security threat are you thinking about preventing here?
>
> This won't protect against:
> * NSA listening in on the mails when they arrive.
> * NSA taking a backup of your mails and waiting for your first attempt to read them - at which time they'll have your private key in plain text.
>
> It seems like a much wider protection to just keep your private key for yourself.
>
> /Peter
>