[Dovecot] E-Mail Encryption

Frank Leonhardt t200907 at fjl.co.uk
Fri Jul 24 23:39:25 EEST 2009


On 20/07/2009 09:36, tomas at tuxteam.de wrote:
> On Sun, Jul 19, 2009 at 03:48:25PM +0100, Frank Leonhardt wrote:
>> From: tomas at tuxteam.de
>>> We do agree that local encryption of messages is a Good Thing [...]
> 
>>> Did I forget anything?
>> I think that's a pretty good summary of the situation. Where I'd differ
is
>> your risk assessment of the hijacking of a live server.
> 
> I don't think we differ that much. For your typical "web server out
> there" I think there is a non-negligible risk of it being hacked (I
> think that is your assessment too). That means: plan for that
> eventuality. Don't keep things on this machine if you don't have to.
> 
> Or did I get you wrong?

No - I probably got you wrong!

> [elided part: agree wholeheartedly]
> 
>> So, encrypting the mail file makes a lot of sense [...]
> 
> That's why I always talk about *de*crypting. I'm all for encrypting on
> the server (agreed, the server "sees" the clear-text files at some point
> in time, but once they are encrypted and all the remnants out of swap,
> we are safe). What I don't see as an advance (wrt whole-disk encryption)
> is when it's possible to *de*crypt the sensitive data on the server.

Definitely.

>> I'm not in favour of whole disk encryption for data recovery and forensic
>> reasons.
> 
> Agreed on recovery. Not so much on forensics (you'd have to have the
> key, but I'd see that as a Good Thing).

It get's messy. Withholding keys puts you (as the owner of the server) in a
very tricky situation. Better to leave it to the users - if they encrypt the
data then it's not your problem.

>> Having said all this, I'm fairly relaxed about not having mail files
>> encrypted. I've frequently told everyone to assume that their email is
>> insecure, and if they've got a problem with it they need to use PGP or
some
>> other end-to-end encryption on their mail clients. Not my problem!
> 
> Fully agreed, but one would have to entice people to send encrypted mail
> all the time. How would you go about that?

I find that spending lots of money on their credit card gets the message
across :-)




More information about the dovecot mailing list