"For end user, only PGP or similar provides sufficient security against admin." (was: [trees-plugin] - Dovecot index gets corrupted, when using maildir and receiving and accessing mail at the same time)

Steffen Kaiser skdovecot at inf.h-brs.de
Mon Aug 13 09:54:08 EEST 2018


On Sat, 11 Aug 2018, Aki Tuomi wrote:

> While this is true, it can be useful to encrypt messages in-rest at 3rd party storage.
> For end user, only PGP or similar provides sufficient security against admin.

Nice, short, pinpointed words I will file away for upcoming discussions.

And I will file M's response, too, for the management.

Thanks both of you.

> -------- Original message --------
> From: "M. Balridge" <dovecot at r.paypc.com>
> Date: 11/08/2018 13:56 (GMT+02:00)
> To: Dovecot Mailing List <dovecot at dovecot.org>
> Subject: Re: [trees-plugin] - Dovecot index gets corrupted, when using maildir and receiving and accessing mail at the same time
> Quoting Joseph Tam <jtam.home at gmail.com>:
>
>> Another privacy plugin that assumes the server operator is unmotivated or
>> respects your privacy anyways, and won't just skim your password right off
>> the top to look at your mail.  A vault with steel walls and a dirt floor.
>
> *SIGH* As usual, you're right on the money, Joseph.
>
> I used to let things like this "slide", but somewhat recently I've had some
> clients badgering me to implement something like this. It takes longer than it
> should to explain how pointless the exercise is.
>
> Given that:
>
> 1) Email transactions, from submission, to delivery, to final reception by a
> MUA, are done with plaintext contents. Those who want security will undergo
> the additional steps and hassles with using PGP to encrypt the contents,
> providing the only demonstrably secure (against "Evil SysAdmins") means of
> cloaking your content. The submission, delivery, and final reception is still
> performed as "plaintext", albeit with an attachment that is encrypted, a
> process done (and undone) by the ultimate endpoint clients.
>
> 2) Even if the "Evil SysAdmin" doesn't scribble all of the users' passphrases
> into a log, it's trivial for various tools, many of which were hastily cobbled
> together during the fad of implementing Sarbanes-Oxley Act (SOX) compliance on
> mail servers. Tools like "milter-bcc" and friends which automatically clone
> all email submitted to or arriving through SMTP, etc. It doesn't matter if
> your SMTP software implements 65,536 Jiggabyte Key Quantum-Computing-Resistant
> crypto, when it has the decrypted contents in its spool.
>
> I imagine this is an exercise in buzzword collection, and to be seen to be
> "doing something" to improve security and/or privacy.
>
> If privacy is desired, there are only end-to-end encryption/signature schemes
> to ensure anything at all, and even there we're at the mercy of mathematical
> gods greater than we.
>
> Looking to a "magical" oracle on your server to do it for you, whilst keeping
> all of the leaky, plaintext, and promiscuous protocols (DSN, bounces,
> intermediate MXer hosts that eruct contents to various envelope addresses,
> etc) that will betray you behind your back without a moment's notice is a
> Fool's Errand.
>
> Think it over.
>
> =M=
>
>

- -- 
Steffen Kaiser

