On Sun, Jul 19, 2009 at 03:48:25PM +0100, Frank Leonhardt (t200907@fjl.co.uk) wrote:
> Encrypting the whole disk is good if the server gets pinched. My servers are behind several layers of hi-tech locks with permanent security guards on the door. I'm not too worried about them.

How much good do your locks do when the police come and want to confiscate your servers because they suspect one of your users has done something criminal? Do you trust them to take as good care of the machines as you do?

> What experience has shown me is that there's a good chance that a running server will be compromised eventually.

Agreed on that.

> I'm not in favour of whole disk encryption for data recovery and forensic reasons.

Some people favour it for the very same reasons...

> Another advantage of doing your own encryption is the possibility of only encrypting the message bodies. Having the message headers in clear text has obvious advantages. I'm sure we're all used to skipping through mail files to find out what's gone wrong - you never want to read the message anyway.

Agreed again.

> Protection against a rogue admin by encryption is a red herring. Such a person would simply not enable the encryption in the first place.

Here I beg to differ. You are right in the simple situation where there's just one admin who's a crook to begin with, but often enough there are several and only one (or a few) unreliable ones among them, and even if they're all good they can be forced by their bosses or blackmailers or even untrustworthy authorities. This is not purely theoretical, I can assure you.

> Having said all this, I'm fairly relaxed about not having mail files encrypted. I've frequently told everyone to assume that their email is insecure, and if they've got a problem with it they need to use PGP or some other end-to-end encryption on their mail clients. Not my problem!

I think the vast majority of cases are like that, and I'd guess most dovecot admins wouldn't bother with encryption even if it were available. But for some it would be a real boon.
-- Tapani Tarvainen