On Fri, Jul 24, 2009 at 09:39:25PM +0100, Frank Leonhardt (t200907@fjl.co.uk) wrote:
How much good do your locks do when the police come and want to confiscate your servers because they suspect one of your users has done something criminal? Do you trust they take as good care of the machines as you do?
How do you know I'm *not* the Police?
I don't. But I do know dovecot is being used by people who are not, and probably also some who have a reason to distrust the police.
We're in very interesting territory here, and it's going to depend on your local laws. In England the police are pretty okay
Sure. Ditto in Finland. But not everywhere.
In England, if you can't decrypt the data it can be a bit awkward (RIPA)
In some places it could save many people from torture and death. (There are situations where the *good* option is having just yourself tortured to death because you *can't* decrypt the data.)
OK, that's a bit extreme, but it's not hard to imagine more common scenarios where being able to just delay the decryption could be useful.
[...] the rogue administrator ought to be able to circumvent encryption anyway - if it's whole disk it's effectively not encrypted.
Whole-disk encryption is ineffective against rogue admins, yes - only application-level encryption (decrypting in the client) helps there. But whole-disk encryption is useful against untrustworthy police and burglars, even when application encryption is also being used in the way being discussed, where only message content is encrypted: logs and header information and the like can be critical, too.
The main reason I'd be in favour of application-based file encryption is to get around the fact that whole-disk encryption is meaningless as protection from the operator - if the operator is dodgy (or someone's bypassed security) then they can read the mail files just as easily as everything else. If the files themselves are encrypted then access to the running system won't reveal their contents (although it would help).
I'm in favour of both whole-disk and application-based encryption. They complement each other, neither makes the other useless.
-- Tapani Tarvainen