7 Jan
2011
7 Jan
'11
10:10 a.m.
On 7.1.2011, at 10.16, tomas@tuxteam.de wrote:
But the other techniques discussed here (e.g. having a Dovecot plugin decrypt the mails before serving) seem to me nearly useless (at least not worth the bother). Because at some point, this very plugin must have the key available in some unprotected form, and then whoever compromises the server can capture the key. So it wouldn't reduce signifcantly the area of vulnerability.
There is also the possibility of doing the decryption on a more trusted Dovecot proxy.