[Dovecot] Pointers for developing a proper encryption plugin?

Timo Sirainen tss at iki.fi
Fri Jan 7 10:10:54 EET 2011


On 7.1.2011, at 10.16, tomas at tuxteam.de wrote:

> But the other techniques discussed here (e.g. having a Dovecot plugin
> decrypt the mails before serving) seem to me nearly useless (at least
> not worth the bother). Because at some point, this very plugin must have
> the key available in some unprotected form, and then whoever compromises
> the server can capture the key. So it wouldn't reduce signifcantly the
> area of vulnerability.

There is also the possibility of doing the decryption on a more trusted Dovecot proxy.



More information about the dovecot mailing list