[Dovecot] Pointers for developing a proper encryption plugin?

Christian Felsing hostmaster at taunusstein.net
Tue Jan 4 08:06:53 EET 2011


On 04.01.2011 00:58, Timo Sirainen wrote:
> a) yeah, if you lost your private key or its password, they're lost

If users are aware of that, that will be ok.

> b) but you can change the private key's password

The private key should be encrypted with the user's password. A "change password"
tool must change the passphrase for the user's private key.

> c) and you could also sign the messages with a 3rd admin-key and admin would be able to decrypt them, but this would make it all pretty much pointless.

This may be desirable in enterprise environments, but not for public
mail services. The admin should decide whether to do so or not.

Christian
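
Added example (not part of the original message, and not Dovecot code): the "change password" step described above, sketched with the OpenSSL command line. It assumes each user's private key is stored as a passphrase-encrypted PEM file; the function names, file names and passphrases are hypothetical.

```shell
#!/bin/sh
# Re-wrap a user's private key under a new passphrase without changing the
# key itself, so mail encrypted to the matching public key stays readable.
# Usage: rekey_passphrase KEYFILE OLD_PASSPHRASE NEW_PASSPHRASE
rekey_passphrase() {
    keyfile=$1
    # mktemp creates the file with mode 0600, next to the original key
    tmp=$(mktemp "${keyfile}.XXXXXX") || return 1
    # Passphrases are handed over via the environment (env:), not argv
    if OLD_PW=$2 NEW_PW=$3 openssl pkey -in "$keyfile" -passin env:OLD_PW \
            -aes-256-cbc -passout env:NEW_PW -out "$tmp" 2>/dev/null; then
        mv "$tmp" "$keyfile"      # replace only after a successful re-wrap
    else
        rm -f "$tmp"              # wrong old passphrase: original key untouched
        return 1
    fi
}

# Print the public half of an encrypted key; fails on a wrong passphrase.
pubkey_of() {
    PW=$2 openssl pkey -in "$1" -passin env:PW -pubout 2>/dev/null
}

# Constructed demo: throwaway EC key, one failed and one successful change.
demo() {
    dir=$(mktemp -d) || return 1
    key=$dir/user.key
    PW=old-secret openssl genpkey -algorithm EC \
        -pkeyopt ec_paramgen_curve:P-256 -aes-256-cbc -pass env:PW \
        -out "$key" 2>/dev/null || return 1
    before=$(pubkey_of "$key" old-secret)
    rekey_passphrase "$key" wrong-guess new-secret && return 1  # must fail
    rekey_passphrase "$key" old-secret new-secret || return 1
    after=$(pubkey_of "$key" new-secret)
    # Same public key before and after: only the wrapping changed
    [ -n "$before" ] && [ "$before" = "$after" ] || return 1
    # The old passphrase no longer opens the key
    pubkey_of "$key" old-secret >/dev/null && return 1
    rm -rf "$dir"
    echo ok
}

demo
```

The failed attempt leaves the existing key file in place, which matters given point a): a change-password tool that overwrites the key on error would lose the user's mail.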

