11 Nov 2013, 4:21 p.m.
*Christian Felsing wrote:*
Please consider adding server side private/public key encryption for incoming mails. If client logs on, the password is used to unlock the user's server side private key.
If mail arrives from MTA or any other source, mail is encrypted with the user's public key. Key pair should be located in LDAP or SQL server. PGP and S/MIME should be supported.
This is for the situation if NSA or other organizations asks admin for user's mail insistently,

So ... exactly which security threat are you thinking about preventing here?
This won't protect against:
- NSA listening in on the mails when they arrive.
- NSA taking a backup of your mails and waiting for your first attempt to read them - at which time they'll have your private key in plain text.
It seems like a much wider protection to just keep your private key for yourself.
/Peter