On 3.1.2011, at 20.49, Bradley Giesbrecht wrote:
One thing that's always itching when I think about mail-servers, is the storage of e-mail messages in (rather) plain-text. Meaning, any administrator with sufficient privileges would be able to read messages not meant for them. Of course, PGP alike solutions exist, but that's not for the masses.
In my opinion I would like to have e-mail messages stored encrypted using a (strong) user-supplied password. That password would ideally be the same as the one the user logs in with. So for me it's okay to place and enforce that requirement on any of the users.
Would forgotten passwords result in lost emails?
If the mails are encrypted with PGP, then..
a) yeah, if you lost your private key or its password, they're lost
b) but you can change the private key's password
c) and you could also sign the messages with a 3rd admin-key and admin would be able to decrypt them, but this would make it all pretty much pointless.