On Thu, Jul 16, 2009 at 09:36:30AM -0500, Justin Krejci wrote:
> Some companies and governments in the United States at least have very strict policy requirements regarding various aspects of security and encryption.
Understandable.
> Transit encryption (ssl/tls from MTA to MTA)
This makes sense, since one might assume the channel to be less secure than the endpoints. Note though that the most important part is the _authentication_ part, and this encompasses things like a key distribution infrastructure (à la PKI or some such). And this is the juicy part.
> and local encryption of messages
We do agree that local encryption of messages is a Good Thing. But just like that, without context, this phrase just amounts to Marketing Oriented Hand Waving, sorry. The meat of the discussion (and what was being talked about in this thread) is:
where do you decrypt?
 (1) Server-side?
   (1.1) Only on the "running" server? (nearly equivalent to this would be to have a permanent key storage on the server, but suitably armored by passphrase).
   (1.2) On the "quiescent" server?
 (2) Client-side?
Now it all amounts to the threat models you want to protect against.
(1.2) just protects you against very little. Whoever "gets" the server (dead or alive) gets the decryption key. You've lost. And if your server is sufficiently protected, you just don't need encryption.
(1.1) would protect you against someone "getting" the "dead" server (e.g. by stealing its disk). Just the same as encrypting the whole disk (assuming the unlock passphrase isn't stored near the server). Encrypting the whole disk has even the advantage that your swap space will be encrypted, which protects you against key bits hitting swap (by some dumb bug in key management software -- this has definitely happened!). This option doesn't offer any relief if someone hi-jacks the "live" server (trojan or similar).
So for this threat model (no hi-jacking, just loss of hardware) I'd definitely go for whole-disk encryption. That's what I do with my laptops.
(2) This is actually the best solution. It won't protect you against the client being hi-jacked or stolen, but all other schemes above are vulnerable against that.
Did I forget anything?
Corollary: Decrypting data server-side buys you (nearly) nothing compared to whole-disk encryption server side.
> sometimes is a requirement if you want to be able to bid on government contracts.
Sorry, I didn't understand the page you linked to.
> This example is not for hosting mail but for an anti-spam/anti-virus service (they refer to it as email hygiene) that required message encryption on the transit MTA servers disk as well as tls/ssl for MTA to MTA encryption.
Sorry. "required message encryption on the transit MTA" is just this kind of handwaving: to decide whether this is useful or Just Another Checkbox For Marketing (TM), you'd have to specify more (at least *who will be able to decrypt that stuff*).
Regards
-- tomás