While this is true, it can be useful to encrypt messages in-rest at 3rd party storage.

For end user, only PGP or similar provides sufficient security against admin.

---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: "M. Balridge" <dovecot@r.paypc.com>
Date: 11/08/2018 13:56 (GMT+02:00)
To: Dovecot Mailing List <dovecot@dovecot.org>
Subject: Re: [trees-plugin] - Dovecot index gets corrupted,   when using maildir and recievend and accessing mail at the same time

Quoting Joseph Tam <jtam.home@gmail.com>:

> Another privacy plugin that assumes the server operator is unmotivated or
> respects your privacy anyways, and won't just skim your password right off
> the top to look at your mail.  A vault with steel walls and a dirt floor.

*SIGH* As usual, you're right on the money, Joseph.

I used to let things like this "slide", but somewhat recently I've had some
clients badgering me to implement something like this. It takes longer than it
should to explain how pointless the exercise is.

Given that:

1) Email transactions, from submission, to delivery, to final reception by a
MUA, are done with plaintext contents. Those who want security, will undergo
the additional steps and hassles with using PGP to encrypt the contents,
providing the only demonstrably secure (against "Evil SysAdmins") means of
cloaking your content. The submission, delivery, and final reception is still
performed as "plaintext", albeit with an attachment that is encrypted, a
process done (and undone) by the ultimate endpoint clients.

2) Even if the "Evil SysAdmin" doesn't scribble all of the users' passphrases
into a log, it's trivial for various tools, many of which were hastily cobbled
together during the fad of implementing Sarbanes-Oxley Act (SOX) compliance on
mail servers. Tools like "milter-bcc" and friends which automatically clone
all email submitted to or arriving through SMTP, etc. It doesn't matter if
your SMTP software implements 65,536 Jiggabyte Key Quantum-Computing-Resistant
crypto, when it has the decrypted contents in its spool.

I imagine this is an exercise in buzzword collection, and to be seen to be
"doing something" to improve security and/or privacy.

If privacy is desired, there are only end-to-end encryption/signature schemes
to ensure anything at all, and even there we're at the mercy of mathematical
gods greater than we.

Looking to a "magical" oracle on your server to do it for you, whilst keeping
all of the leaky, plaintext, and promiscuous protocols (DSN, bounces,
intermediate MXer hosts that eruct contents to various envelope addresses,
etc) that will betray you behind your back without a moment's notice is a
Fool's Errand.

Think it over.

=M=