[Dovecot] E-Mail Encryption

Tapani Tarvainen dovecotlist at tapanitarvainen.fi
Sat Jul 25 12:37:10 EEST 2009


On Fri, Jul 24, 2009 at 09:39:25PM +0100, Frank Leonhardt (t200907 at fjl.co.uk) wrote:

> > How much good do your locks do when the police come and want to
> > confiscate your servers because they suspect one of your users
> > has done something criminal? Do you trust them to take as good care
> > of the machines as you do?
> 
> How do you know I'm *not* the Police?

I don't. But I do know dovecot is being used by people who are not,
and probably also some who have a reason to distrust the police.

> We're in very interesting territory here, and it's going to depend on your
> local laws. In England the police are pretty okay

Sure. Ditto in Finland. But not everywhere.

> In England, if you can't decrypt the data it can be a bit awkward
> (RIPA)

In some places it could save many people from torture and death.
(There are situations where the *good* option is having just yourself
tortured to death because you *can't* decrypt the data.)

OK, that's a bit extreme, but it's not hard to imagine more common
scenarios where being able to just delay the decryption could
be useful.

> [...] the rogue administrator ought to be able to circumvent encryption
> anyway - if it's whole disk it's effectively not encrypted.

Whole-disk encryption is ineffective against rogue admins, yes -
only application-level encryption (decrypting in client) helps there.
But whole-disk encryption is useful against untrustworthy police
and burglars, even when application encryption is also being used
in the way being discussed, where only message content is encrypted:
logs and header information and the like can be critical, too.

> The main reason I'd be in favour of application-based file encryption is to
> get around the fact that whole-disk encryption is meaningless as protection
> from the operator - if the operator is dodgy (or someone's bypassed
> security) then they can read the mail files just as easily as everything
> else. If the files themselves are encrypted then access to the running
> system won't reveal their contents (although it would help).

I'm in favour of both whole-disk and application-based encryption.
They complement each other, neither makes the other useless.

-- 
Tapani Tarvainen
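The split the thread keeps coming back to, what a rogue admin (or anyone with access to the running system) can still read when only message bodies are encrypted client-side, is easy to make concrete. The following is an added example, not code from the Dovecot project or from anyone in this thread. It stores a message the way an application-level scheme would: headers in the clear so the server can deliver, index and log the mail, body encrypted under a key only the user holds. The cipher inside is a demonstration construct (HMAC-SHA256 in counter mode with encrypt-then-MAC) chosen because it needs nothing outside the standard library; the header names, the `X-Body-Encrypted` marker, the log line format and the sample message are all made up for the example.

```python
"""Added example (not from the Dovecot thread): what each party can read
when message bodies are encrypted at the application level while the
server keeps headers in plaintext."""
import base64
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(user_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the user's key."""
    return hmac.new(user_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Demonstration stream cipher: HMAC-SHA256 in counter mode.
    A vetted AEAD (AES-GCM, ChaCha20-Poly1305) or OpenPGP/S-MIME is what
    a real deployment would use; this only avoids third-party packages."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_body(user_key: bytes, body: bytes) -> bytes:
    """Encrypt-then-MAC the body. Output layout: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(user_key, b"enc"), nonce, len(body))
    ct = bytes(p ^ k for p, k in zip(body, ks))
    tag = hmac.new(_subkey(user_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_body(user_key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; wrong key or tampering raises."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated body")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(user_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("body tampered with or wrong key")
    ks = _keystream(_subkey(user_key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def store_message(user_key: bytes, headers: dict, body: bytes) -> bytes:
    """The record as it lands in the mailbox file: plaintext headers,
    base64 of the encrypted body. Header names are illustrative."""
    head = "".join(f"{k}: {v}\r\n" for k, v in headers.items())
    head += "Content-Transfer-Encoding: base64\r\nX-Body-Encrypted: yes\r\n\r\n"
    return head.encode() + base64.b64encode(encrypt_body(user_key, body)) + b"\r\n"


def server_view(record: bytes) -> dict:
    """What anyone with access to the running system (an admin, or whoever
    bypassed its security) gets without the user's key: every header, and
    only the size of the body."""
    head, _, enc = record.partition(b"\r\n\r\n")
    headers = dict(line.split(": ", 1) for line in head.decode().split("\r\n"))
    return {"headers": headers, "body_bytes": len(base64.b64decode(enc))}


def delivery_log_line(record: bytes) -> str:
    """Metadata a delivery log records regardless of body encryption
    (made-up format); this is the 'logs and header information' point."""
    h = server_view(record)["headers"]
    return f'delivered from=<{h["From"]}> to=<{h["To"]}> subject="{h["Subject"]}"'


def client_view(user_key: bytes, record: bytes) -> bytes:
    """Only the holder of the key recovers the body."""
    _, _, enc = record.partition(b"\r\n\r\n")
    return decrypt_body(user_key, base64.b64decode(enc))


def demo() -> dict:
    """Constructed sample message; returns who can read what."""
    key = hashlib.sha256(b"example passphrase (constructed)").digest()
    headers = {"From": "alice@example.org", "To": "bob@example.org",
               "Subject": "quarterly numbers",
               "Date": "Sat, 25 Jul 2009 12:00:00 +0300"}
    body = b"The figures are attached. Do not forward."
    record = store_message(key, headers, body)
    return {
        "server_reads_headers": server_view(record)["headers"]["Subject"] == "quarterly numbers",
        "server_reads_body": body in record,
        "log_carries_metadata": "quarterly numbers" in delivery_log_line(record),
        "client_recovers_body": client_view(key, record) == body,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` gives `server_reads_body: False` but `server_reads_headers: True` and `log_carries_metadata: True`, which is exactly why the two layers are complementary: the application layer keeps the body from the operator, and whole-disk encryption is what covers the headers, indexes and logs once the machine is powered off and carried away.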

