"For end user, only PGP or similar provides sufficient security against admin." (was: [trees-plugin] - Dovecot index gets corrupted, when using maildir and recievend and accessing mail at the same time)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 11 Aug 2018, Aki Tuomi wrote:
While this is true, it can be useful to encrypt messages in-rest at 3rd party storage. For end user, only PGP or similar provides sufficient security against admin.
Nice, short, pinpointed words I will file away for upcoming discussions.
And I will file M's response, too, for the management.
Thanks both of you.
-------- Original message --------
From: "M. Balridge" dovecot@r.paypc.com
Date: 11/08/2018 13:56 (GMT+02:00)
To: Dovecot Mailing List dovecot@dovecot.org
Subject: Re: [trees-plugin] - Dovecot index gets corrupted, when using maildir and recievend and accessing mail at the same time

Quoting Joseph Tam jtam.home@gmail.com:
Another privacy plugin that assumes the server operator is unmotivated or respects your privacy anyways, and won't just skim your password right off the top to look at your mail. A vault with steel walls and a dirt floor.
*SIGH* As usual, you're right on the money, Joseph.
I used to let things like this "slide", but somewhat recently I've had some clients badgering me to implement something like this. It takes longer than it should to explain how pointless the exercise is.
Given that:
Email transactions, from submission, to delivery, to final reception by an MUA, are done with plaintext contents. Those who want security will undergo the additional steps and hassles of using PGP to encrypt the contents, providing the only demonstrably secure (against "Evil SysAdmins") means of cloaking your content. The submission, delivery, and final reception is still performed as "plaintext", albeit with an attachment that is encrypted, a process done (and undone) by the ultimate endpoint clients.
Even if the "Evil SysAdmin" doesn't scribble all of the users' passphrases into a log, it's trivial with various tools, many of which were hastily cobbled together during the fad of implementing Sarbanes-Oxley Act (SOX) compliance on mail servers: tools like "milter-bcc" and friends which automatically clone all email submitted to or arriving through SMTP, etc. It doesn't matter if your SMTP software implements 65,536 Jiggabyte Key Quantum-Computing-Resistant crypto, when it has the decrypted contents in its spool.
I imagine this is an exercise in buzzword collection, and to be seen to be "doing something" to improve security and/or privacy.
If privacy is desired, there are only end-to-end encryption/signature schemes to ensure anything at all, and even there we're at the mercy of mathematical gods greater than we.
Looking to a "magical" oracle on your server to do it for you, whilst keeping all of the leaky, plaintext, and promiscuous protocols (DSN, bounces, intermediate MXer hosts that eruct contents to various envelope addresses, etc) that will betray you behind your back without a moment's notice is a Fool's Errand.
Think it over.
=M=
Steffen Kaiser

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBW3ErEMQnQQNheMxiAQJZ+Qf9ECwe0SZXwClaM+wHBVdsOPLPuL6rkSzV
TAkPe7bV2jnqUL8J0I7F46MW4yV76ttbWMbZ3wP6Mom2roNOqGoQIxWsQLkgZvib
Wdg29L0nsMkHY6A5zCRM/n4rvNi/xDHIUWIinZRUWvFr8J6WWkSaYneX2Xjvf6tF
24nj+tqcuYtFomsY802WySgovLZi5y0s8nSSkQ9nnPA44hpozfbQXXf/pO14D2BL
vhsiqvLKnS/3wY83Y05RLCsojfQDG3Vbqgm6qV9qkpOtGN9sLV/ufXc8tui070UW
FDmV5S/KnP8Z7ru9Hq83JEhxkaApPhcKqIQcpjUIeWyobIwvYr718A==
=cbbG
-----END PGP SIGNATURE-----
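The layout M. describes above (an ordinary message whose only protected content is an encrypted attachment that the endpoint clients open and close) and the "clone every message at the MTA" tools he mentions, as an added example. This is not code from the thread, from Dovecot, from the trees plugin or from milter-bcc. It builds a plain message and an RFC 3156 multipart/encrypted (PGP/MIME) message with Python's standard email module, then runs a stand-in for what a milter-bcc style hook hands the admin over both copies. Assumptions: the addresses, subject and secret body are constructed; FAKE_ARMOR is a placeholder standing in for the output of gpg --armor --encrypt, not real ciphertext, since the point is the envelope around it, not the cipher; the function names are mine. What it shows is the thread's argument in code: the body stops being readable from the spool once it is end-to-end encrypted, while From, To and Subject stay readable either way.

```python
"""Added example (not from the thread, Dovecot or milter-bcc): what a
clone-every-message hook at the MTA gets from a plain message versus a
PGP/MIME (RFC 3156) message, and which fields stay visible in both.

FAKE_ARMOR is a CONSTRUCTED placeholder for `gpg --armor --encrypt` output;
no real key or ciphertext is involved. Addresses and the secret are made up.
"""
from email import encoders, policy
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.parser import BytesParser

SECRET = "wire 2M EUR to account 4711 before Friday"   # constructed

# Constructed stand-in for ASCII-armored OpenPGP ciphertext (not real).
FAKE_ARMOR = (
    "-----BEGIN PGP MESSAGE-----\n\n"
    "hQEMA0ExampleOnlyNotRealCiphertextAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    "=AAAA\n"
    "-----END PGP MESSAGE-----\n"
)


def build_plain(sender: str, rcpt: str, subject: str, body: str) -> bytes:
    """Ordinary text/plain message: the body travels in the clear."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_bytes()


def build_pgp_mime(sender: str, rcpt: str, subject: str, armored: str) -> bytes:
    """RFC 3156 section 4 layout: multipart/encrypted holding a control part
    (application/pgp-encrypted, "Version: 1") and the ciphertext part
    (application/octet-stream). Header fields stay in the clear because the
    MTA needs them to route the message, so anyone copying the spool gets them."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Subject"] = subject
    control = MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                              _encoder=encoders.encode_7or8bit)
    ciphertext = MIMEApplication(armored.encode("ascii"), "octet-stream",
                                 _encoder=encoders.encode_7or8bit,
                                 name="encrypted.asc")
    msg.attach(control)
    msg.attach(ciphertext)
    return msg.as_bytes()


def mta_capture(raw: bytes) -> dict:
    """Stand-in for a milter-bcc style clone: the hook gets the whole RFC 5322
    message, so parse it the way an admin reading the copy would."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    headers = {h: str(msg[h]) for h in ("From", "To", "Subject")}
    bodies = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        bodies.append((part.get_content_type(), data.decode("utf-8", "replace")))
    return {"headers": headers, "bodies": bodies}


def plaintext_leaks(raw: bytes, secret: str) -> bool:
    """True if the secret is readable in any body part of the captured copy."""
    return any(secret in text for _, text in mta_capture(raw)["bodies"])


def is_pgp_mime(raw: bytes) -> bool:
    """Structural check for the RFC 3156 encrypted layout: exactly two parts,
    the control part first, then an armored OpenPGP message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    if msg.get_content_type() != "multipart/encrypted":
        return False
    if msg.get_param("protocol") != "application/pgp-encrypted":
        return False
    parts = msg.get_payload()
    if len(parts) != 2:
        return False
    control, body = parts
    version = (control.get_payload(decode=True) or b"").decode("ascii", "replace")
    return (control.get_content_type() == "application/pgp-encrypted"
            and version.strip() == "Version: 1"
            and body.get_content_type() == "application/octet-stream"
            and b"-----BEGIN PGP MESSAGE-----" in (body.get_payload(decode=True) or b""))


if __name__ == "__main__":
    plain = build_plain("alice@example.org", "bob@example.net", "Q3 numbers", SECRET)
    enc = build_pgp_mime("alice@example.org", "bob@example.net", "Q3 numbers", FAKE_ARMOR)
    for label, raw in (("plain", plain), ("pgp/mime", enc)):
        cap = mta_capture(raw)
        print(f"{label:8} headers visible: {cap['headers']}")
        print(f"{label:8} secret readable from spool copy: {plaintext_leaks(raw, SECRET)}")
```

To turn the placeholder into the real thing, replace FAKE_ARMOR with the output of gpg --armor --encrypt --recipient <key> over the message body; the envelope, and what the spool copy exposes, do not change. The Subject line is the one field people forget: it is a header, not body, so it leaks exactly like the envelope addresses M. lists.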