tomas@tuxteam.de wrote:
> Let me state it again: nothing is gained with server-side *de*cryption which can't be achieved more easily with disk encryption. Server-side encryption is another thing...
One use case is where you have regulatory or policy determination that certain email should be unreadable even to certain groups of users who have elevated access to the server.
Obviously you need to beware of network sniffers on the inbound side, but take a look at MS Exchange to see how they fairly cunningly encrypt in such a way that you can grant certain users rights to see certain mailboxes, and encryption is used to make sure that permission is fairly thoroughly enforced.
The main purpose is that you really want to minimise the backdoor where the IT admins have access to potentially sensitive emails from management/traders/corporate finance/legal, etc. in large organisations.
Sure it's hard to totally eliminate the ability for the IT guys to get up to no good, but as far as possible things need to be locked down and a granular encryption solution is the main way to tackle that. (But whole disk encryption is at least a good start).
Complete end-to-end encryption is a cunning idea and of course the only way to be sure there are no man-in-the-middle attacks, but of course this breaks all server-based content filtering and virus scanning, so it's unpopular right now... Most solutions need to involve a trusted server application sitting in the middle.
Would be extremely interested to hear from anyone using Dovecot in some kind of "big biz" environment and how they tackle various policy issues like this?
Cheers
Ed W
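The granular scheme Ed describes (a separate key per mailbox, handed out only to the users entitled to read that mailbox, so that the permission is enforced by the cryptography rather than by file-system ACLs the admin can override) as an added illustration. This is not part of the original thread and is not Dovecot's or Exchange's code: it is a stdlib-only Python sketch in which an HMAC-SHA256 keystream plus an encrypt-then-MAC tag stands in for a real AEAD such as AES-GCM, and the delivery agent (the "trusted server application in the middle") holds the mailbox key only in memory while encrypting incoming mail. The class `MailStore`, the functions `seal`/`unseal`, the users `trader1`, `legal` and `itadmin`, and the sample message are all constructed for the example.

```python
"""Per-mailbox envelope encryption: one random data key per mailbox, wrapped
to each user allowed to read it, so an operator with disk access sees only
ciphertext and wrapped keys.  Constructed illustration, not Dovecot or
Exchange code.  Stdlib only: an HMAC-SHA256 keystream with an encrypt-then-MAC
tag stands in for a real AEAD such as AES-GCM."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one 256-bit key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    return b"".join(
        hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((length + 31) // 32)
    )[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt and authenticate; aad is bound to the tag but not encrypted."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Reverse of seal; raises ValueError on a wrong key or an altered blob."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class MailStore:
    """Everything this object holds is what an admin with disk access can read."""

    def __init__(self):
        self.messages = {}  # mailbox -> [sealed message, ...]
        self.wrapped = {}   # mailbox -> {user: mailbox key sealed under that user's key}

    def create_mailbox(self, name, owner, owner_key):
        mailbox_key = secrets.token_bytes(32)
        self.messages[name] = []
        self.wrapped[name] = {owner: seal(owner_key, mailbox_key, aad=name.encode())}
        return mailbox_key  # kept only in memory by the trusted delivery agent

    def deliver(self, name, mailbox_key, plaintext):
        # The delivery agent encrypts on arrival; plaintext never reaches disk.
        self.messages[name].append(seal(mailbox_key, plaintext, aad=name.encode()))

    def _unwrap(self, name, user, user_key):
        try:
            blob = self.wrapped[name][user]
        except KeyError:
            raise PermissionError(f"{user} holds no key for mailbox {name}") from None
        return unseal(user_key, blob, aad=name.encode())

    def grant(self, name, granter, granter_key, grantee, grantee_key):
        """A current reader extends access by re-wrapping the mailbox key."""
        mailbox_key = self._unwrap(name, granter, granter_key)
        self.wrapped[name][grantee] = seal(grantee_key, mailbox_key, aad=name.encode())

    def read(self, name, user, user_key):
        mailbox_key = self._unwrap(name, user, user_key)
        return [unseal(mailbox_key, m, aad=name.encode()) for m in self.messages[name]]


def demo():
    """Constructed scenario: a trader's mailbox, an IT admin, a later grant to legal."""
    trader_key, legal_key, admin_key = (secrets.token_bytes(32) for _ in range(3))
    store = MailStore()
    mk = store.create_mailbox("trader1", "trader1", trader_key)
    store.deliver("trader1", mk, b"Subject: Q3 position\n\nconstructed sample message")
    del mk  # delivery done; only the wrapped copy survives on the server
    out = {"owner": store.read("trader1", "trader1", trader_key)}
    try:  # the admin has no wrapped key for this mailbox ...
        store.read("trader1", "itadmin", admin_key)
        out["admin_via_api"] = "readable"
    except PermissionError:
        out["admin_via_api"] = "denied"
    try:  # ... and the raw on-disk blob does not authenticate under any other key
        unseal(admin_key, store.messages["trader1"][0], aad=b"trader1")
        out["admin_via_disk"] = "readable"
    except ValueError:
        out["admin_via_disk"] = "denied"
    store.grant("trader1", "trader1", trader_key, "legal", legal_key)
    out["legal_after_grant"] = store.read("trader1", "legal", legal_key)
    return out
```

Two caveats a practitioner would want alongside this. First, revocation is not the mirror of `grant`: deleting a user's wrapped copy stops future unwraps, but a user who has already unwrapped the mailbox key still has it, so real revocation means rotating the mailbox key and re-sealing the stored mail. Second, the trust boundary is exactly the process that briefly holds `mailbox_key` during delivery and the users' own keys; an admin with root can still read that process's memory, which is why this narrows rather than eliminates the backdoor Ed describes. A production design would also seal incoming mail to the recipient's public key so that the delivery path needs no secret at all, which the symmetric wrapping here simplifies away.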