On Thu, Jan 06, 2011 at 12:54:57PM +0100, Christian Felsing wrote:
> On 04.01.2011 07:38, tomas@tuxteam.de wrote:
>> The idea upthread (Jan-Frode) to keep a public key server-side and encrypt messages on arrival seems to me the way to go.
> I would support that idea. The private key should be encrypted with the user's passphrase. If the user changes the password, the private key needs to be decrypted with the old password and re-encrypted with the new password.
Hm. I think I didn't express my idea correctly. The decryption has to happen client-side if it is to be of any worth, IMO.
> The public key never changes, so the maildir never needs to be touched if the user changes the password, and the server does not need to know the user's secret to receive mail.
> I would wish that Timo would consider implementing the required functions in the plugin API, so such a plugin would be possible without massively patching the Dovecot source code.
As Timo said downthread, there is already such a plugin, but... this would support decryption server-side (which IMO would be wrong anyway).
For client-side decryption, the infrastructure is (almost) completely there. GPG for the client (and encryption on delivery -- but every delivery agent I know of has some hooks for filtering messages).
Regards
-- tomás
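A sketch of the encrypt-on-delivery filter discussed in this message, added here as an illustration and not code from the thread or from Dovecot. It assumes `gpg` is on the PATH with the recipient's public key in the filter's keyring, and that the result is wrapped as PGP/MIME (RFC 3156); the names `KEEP`, `gpg_encrypt` and `encrypt_on_delivery` are hypothetical.

```python
import subprocess
import sys
from email import message_from_bytes
from email.encoders import encode_7or8bit
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Headers copied to the outer message so the server can still list and sort mail.
# They stay in clear text: only the original message itself is encrypted.
KEEP = ("From", "To", "Cc", "Subject", "Date", "Message-ID")


def gpg_encrypt(data: bytes, recipient: str) -> bytes:
    """Encrypt to the recipient's public key; no secret key or passphrase is involved."""
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--recipient", recipient, "--encrypt"]
    return subprocess.run(cmd, input=data, stdout=subprocess.PIPE, check=True).stdout


def encrypt_on_delivery(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return raw wrapped as a multipart/encrypted message for recipient."""
    msg = message_from_bytes(raw)
    # Mail the sender already encrypted with PGP/MIME is passed through untouched.
    if msg.get_content_type() == "multipart/encrypted":
        return raw
    # The whole original message (headers and body) becomes the encrypted payload,
    # so the client recovers it unchanged after decrypting with its private key.
    armored = encrypt(raw, recipient)
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted", encode_7or8bit))
    outer.attach(MIMEApplication(armored, "octet-stream", encode_7or8bit))
    for name in KEEP:
        for value in msg.get_all(name, []):
            outer[name] = value
    return outer.as_bytes()


if __name__ == "__main__":
    # Used as a delivery-agent filter: message on stdin, key id or address as argv[1].
    sys.stdout.buffer.write(encrypt_on_delivery(sys.stdin.buffer.read(), sys.argv[1]))
```

Because only the public key is used, a later change of the user's password or key passphrase leaves the stored messages untouched.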