[Dovecot] E-Mail Encryption

[Frank Leonhardt]

On 25/07/2009 10:37, Tapani Tarvainen wrote:
> On Fri, Jul 24, 2009 at 09:39:25PM +0100, Frank Leonhardt
(t200907 at fjl.co.uk) wrote:
> 
>>> How much good do your locks do when police comes and wants to
>>> confiscate your servers because they suspect one of your users
>>> has done something criminal? Do you trust they take as good care
>>> of the machines as you do?
>> How do you know I'm *not* the Police?
> 
> I don't. But I do know dovecot is being used by people who are not,
> and probably also some who have a reason to distrust the police.
> 
>> We're in very interesting territory here, and it's going to depend on
your
>> local laws. In England the police are pretty okay
> 
> Sure. Ditto in Finland. But not everywhere.

<SNIP>

I think we can all agree on that. However, in practical terms it's better if
the email users encrypt their own mail and keep the ISP out of it. If the
mail user is a friend then they're putting you in a difficult situation (you
get tortured instead of them....). If if your a big ISP (e.g. Yahoo) then
commercial considerations mean you don't care anyway.

>> The main reason I'd be in favour of application-based file encryption is
to
>> get around the fact that whole-disk encryption is meaningless as
protection
>> from the operator - if the operator is dodgy (or someone's bypassed
>> security) then they can read the mail files just as easily as everything
>> else. If the files themselves are encrypted then access to the running
>> system won't reveal their contents (although it would help).
> 
> I'm in favour of both whole-disk and application-based encryption.
> They complement each other, neither makes the other useless.
> 

Agreed again - my argument was that application-specific encryption was
useful regardless of whole-disk (and in my scenario, whole-disk isn't much
use as the hardware's secure).