[Dovecot] server side private/public key
Please consider to add server side private/public key encryption for incoming mails. If client logs on, the password is used to unlock users server side
*Christian Felsing wrote: * private key.
If mail arrives from MTA or any other source, mail is encrypted with users public key. Key pair should be located in LDAP or SQL server. PGP and S/MIME should be supported.
This is for the situation if NSA or other organizations asks admin for users mail insistently,
So ... exactly which security threat are you thinking about preventing here?
This won't protect against:
- NSA listening in on the mails when they arrive.
- NSA taking a backup of your mails and wait for your first attempt to read them - at which time they'll have your private key in plain text.
It seems like a much wider protection to just keep you private key for your self.
/Peter
On 11.11.2013, at 16.21, Peter Mogensen apm@one.com wrote:
*Christian Felsing wrote: *
Please consider to add server side private/public key encryption for incoming mails. If client logs on, the password is used to unlock users server side private key. If mail arrives from MTA or any other source, mail is encrypted with users public key. Key pair should be located in LDAP or SQL server. PGP and S/MIME should be supported.
http://dovecot.org/patches/2.2/mail-filter.tar.gz can be used to implement this.
Serverside private key probably doesn't protect against much, but a way for users to upload a public key and automatically encrypt all messages when received might have value. Limits exposure for messages at rest.
-jf
Den 11. nov. 2013 kl. 15:21 skrev Peter Mogensen apm@one.com:
*Christian Felsing wrote: *
Please consider to add server side private/public key encryption for incoming mails. If client logs on, the password is used to unlock users server side private key. If mail arrives from MTA or any other source, mail is encrypted with users public key. Key pair should be located in LDAP or SQL server. PGP and S/MIME should be supported.
This is for the situation if NSA or other organizations asks admin for users mail insistently,
So ... exactly which security threat are you thinking about preventing here?
This won't protect against:
- NSA listening in on the mails when they arrive.
- NSA taking a backup of your mails and wait for your first attempt to read them - at which time they'll have your private key in plain text.
It seems like a much wider protection to just keep you private key for your self.
/Peter
participants (3)
-
Jan-Frode Myklebust
-
Peter Mogensen
-
Timo Sirainen