[Dovecot] E-Mail Encryption
tomas at tuxteam.de
Thu Jul 16 13:10:20 EEST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Jul 16, 2009 at 12:51:32AM -0700, Seth Mattinen wrote:
[...]
> Encrypting with a public key is completely reasonable, but for proper
> security, the decryption should only take place on the client's trusted
> workstation with their private key.
Hear, hear!
Let me state it again: nothing is gained with server-side *de*cryption
which can't be achieved more easily with disk encryption. Server-side
encryption is another thing...
Yes, Seth, I'm just paraphrasing you, but this is so important (and
often forgotten) that it cannot be over-emphasised.
And the infrastructure for that is already there: gpg-encrypt every mail
on delivery with the user's public key. The user's MUA should take care
of the rest.
Alas, (server-side) full text search goes out of the window with that
(unless there is a clever scheme to do some indexing without giving away
too much info, but there I reached the limit of my knowledge :)
Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKXvyMBcgs9XrR2kYRAijYAJ4nIteX/70MmvpEIeHILbqNictHjACeLAv+
xzTTkbTbhGUdG9HYDItXioI=
=JstP
-----END PGP SIGNATURE-----
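
An added example, not part of the original post: a delivery-time filter that encrypts each incoming mail to the user's public key, as the message suggests, so that only the user's MUA can decrypt it. The PGP/MIME (RFC 3156) layout, the function names, the sample message and the reliance on a `gpg` binary with a pre-provisioned keyring are assumptions of this sketch.

```python
import copy
import subprocess
import sys
from email import message_from_bytes
from email.message import Message
from email.mime.multipart import MIMEMultipart

# Constructed sample message, for illustration only.
SAMPLE = (b"From: alice@example.org\nTo: bob@example.org\n"
          b"Subject: quarterly numbers\nMIME-Version: 1.0\n"
          b"Content-Type: text/plain; charset=us-ascii\n\n"
          b"the secret figure is 42\n")

def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    """Encrypt to a public key; the server never holds the private key."""
    # --trust-model always: assumes the admin provisioned the keyring.
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--encrypt", "--recipient", recipient]
    return subprocess.run(cmd, input=plaintext, stdout=subprocess.PIPE,
                          check=True).stdout

def mime_part(content_type: str, payload: str) -> Message:
    part = Message()
    part["Content-Type"] = content_type
    part.set_payload(payload)
    return part

def encrypt_on_delivery(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    msg = message_from_bytes(raw)
    if msg.get_content_type() == "multipart/encrypted":
        return raw  # the sender already encrypted it; do not wrap twice
    # Inner entity = Content-* headers + body; this is all that gets encrypted.
    inner = copy.deepcopy(msg)
    for name in {k for k in inner.keys() if not k.lower().startswith("content-")}:
        del inner[name]
    ciphertext = encrypt(inner.as_bytes(), recipient).decode("ascii")
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    # Routing headers stay in cleartext: the server can still read From,
    # To and Subject, but a server-side index no longer sees the body.
    for name, value in msg.items():
        low = name.lower()
        if not low.startswith("content-") and low != "mime-version":
            outer[name] = value
    outer.attach(mime_part("application/pgp-encrypted", "Version: 1\n"))
    outer.attach(mime_part("application/octet-stream", ciphertext))
    return outer.as_bytes()

if __name__ == "__main__" and len(sys.argv) == 2:
    # Filter mode: message on stdin, recipient key id as the only argument.
    sys.stdout.buffer.write(encrypt_on_delivery(sys.stdin.buffer.read(), sys.argv[1]))
```

The `encrypt` parameter exists so the MIME wrapping can be exercised without a keyring; in delivery it defaults to the `gpg` call.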