On 25/07/2009 10:37, Tapani Tarvainen wrote:
On Fri, Jul 24, 2009 at 09:39:25PM +0100, Frank Leonhardt (t200907@fjl.co.uk) wrote:
How much good do your locks do when the police come and want to confiscate your servers because they suspect one of your users has done something criminal? Do you trust they take as good care of the machines as you do?
How do you know I'm *not* the Police?
I don't. But I do know dovecot is being used by people who are not, and probably also some who have a reason to distrust the police.
We're in very interesting territory here, and it's going to depend on your local laws. In England the police are pretty okay
Sure. Ditto in Finland. But not everywhere.
<SNIP>
I think we can all agree on that. However, in practical terms it's better if the email users encrypt their own mail and keep the ISP out of it. If the mail user is a friend then they're putting you in a difficult situation (you get tortured instead of them....). If you're a big ISP (e.g. Yahoo) then commercial considerations mean you don't care anyway.
The main reason I'd be in favour of application-based file encryption is to get around the fact that whole-disk encryption is meaningless as protection from the operator - if the operator is dodgy (or someone's bypassed security) then they can read the mail files just as easily as everything else. If the files themselves are encrypted then access to the running system won't reveal their contents (although it would help).
I'm in favour of both whole-disk and application-based encryption. They complement each other, neither makes the other useless.
Agreed again - my argument was that application-specific encryption was useful regardless of whole-disk (and in my scenario, whole-disk isn't much use as the hardware's secure).