[Dovecot] Pointers for developing a proper encryption plugin?

tomas at tuxteam.de tomas at tuxteam.de
Fri Jan 7 10:10:30 EET 2011


On Thu, Jan 06, 2011 at 12:54:57PM +0100, Christian Felsing wrote:
> On 04.01.2011 07:38, tomas at tuxteam.de wrote:
> > The idea upthread (Jan-Frode) to keep a public key server-side and
> > encrypt messages on arrival seems to me the way to go.
> 
> I would support that idea. Private key should be encrypted with user's
> passphrase. If user changes password, private key needs to be decrypted
> with old password and re-encrypted with new password.

Hm. I think I didn't express my idea correctly. The decryption has to
happen client-side if it has to be any worth, IMO.

> Public key never changes, so maildir is never required to be touched, if
> user changes password and server does not need to know user's secret to
> receive mail.
> 
> I would wish that Timo would consider to implement required functions to
> plugin API, so such a plugin would be possible without massive patching
> Dovecot source code.

As Timo said downthread, there is already such a plugin, but... this
would support decryption server-side (which IMO would be wrong anyway).

For client-side decryption, the infrastructure is (almost) completely
there. GPG for the client (and encryption on delivery -- but every
delivery agent I know of has some hooks for filtering messages).

Regards
-- tomás
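An added example, not part of the original post and not Dovecot code: a sketch of the "encrypt on delivery, decrypt client-side" filter discussed above, wrapping each incoming message in a PGP/MIME (RFC 3156) envelope encrypted to the user's public key. It assumes `gpg` is installed with the user's public key already imported; the names `encrypt_on_delivery`, `gpg_encrypt`, `CLEAR_HEADERS` and the command-line usage are hypothetical.

```python
import subprocess
import sys
from email import message_from_bytes
from email.encoders import encode_7or8bit
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Headers left in clear so the server can still sort, thread and list mail.
# Assumption: which headers to expose is a local policy choice.
CLEAR_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID",
                 "In-Reply-To", "References")


def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    """Encrypt to the user's public key; the server holds no secret key."""
    proc = subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", recipient],
        input=plaintext, stdout=subprocess.PIPE, check=True)
    return proc.stdout


def encrypt_on_delivery(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Wrap a whole RFC 822 message in a PGP/MIME (RFC 3156) envelope."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() == "multipart/encrypted":
        return raw  # already declared as encrypted; do not wrap twice
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name in CLEAR_HEADERS:
        for value in msg.get_all(name, []):
            outer[name] = value
    # Part 1 is the fixed control part, part 2 the armored ciphertext.
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                                 _encoder=encode_7or8bit))
    outer.attach(MIMEApplication(encrypt(raw, recipient), "octet-stream",
                                 _encoder=encode_7or8bit))
    return outer.as_bytes()


if __name__ == "__main__":
    # Hypothetical invocation from a delivery hook: filter.py <key-id> < msg
    try:
        data = encrypt_on_delivery(sys.stdin.buffer.read(), sys.argv[1])
    except (subprocess.CalledProcessError, OSError):
        sys.exit(75)  # EX_TEMPFAIL: retry later instead of storing plaintext
    sys.stdout.buffer.write(data)
```

The copied headers, Subject included, stay readable on the server; only the original message inside the ciphertext is protected.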
