-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jul 19, 2009 at 03:48:25PM +0100, Frank Leonhardt wrote:
> From: tomas@tuxteam.de
>> We do agree that local encryption of messages is a Good Thing [...]
>> Did I forget anything?
> I think that's a pretty good summary of the situation. Where I'd differ is your risk assessment of the hijacking of a live server.
I don't think we differ that much. For your typical "web server out there" I think there is a non-negligible risk of it being hacked (I think that is your assessment too). That means: plan for that eventuality. Don't keep things on this machine if you don't have to.
Or did I get you wrong?
[elided part: agree wholeheartedly]
> So, encrypting the mail file makes a lot of sense [...]
That's why I always talk about *de*crypting. I'm all for encrypting on the server (agreed, the server "sees" the clear-text files at some point in time, but once they are encrypted and all the remnants out of swap, we are safe). What I don't see as an advance (wrt whole-disk encryption) is when it's possible to *de*crypt the sensitive data on the server.
[...]
> I'm not in favour of whole disk encryption for data recovery and forensic reasons.
Agreed on recovery. Not so much on forensics (you'd have to have the key, but I'd see that as a Good Thing).
[...]
> Having said all this, I'm fairly relaxed about not having mail files encrypted. I've frequently told everyone to assume that their email is insecure, and if they've got a problem with it they need to use PGP or some other end-to-end encryption on their mail clients. Not my problem!
Fully agreed, but one would have to entice people to send encrypted mail all the time. How would you go about that?
Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKZCyYBcgs9XrR2kYRApKgAJ9UrFBe8VtJJP/3a/nC6m+USD65pgCeMqrS
V8IBFpcqiSs0kl+LCrf2bz0=
=SofB
-----END PGP SIGNATURE-----