[Dovecot] Pointers for developing a proper encryption plugin?
Timo Sirainen
tss at iki.fi
Fri Jan 7 10:10:54 EET 2011
On 7.1.2011, at 10.16, tomas at tuxteam.de wrote:
> But the other techniques discussed here (e.g. having a Dovecot plugin
> decrypt the mails before serving) seem to me nearly useless (at least
> not worth the bother). Because at some point, this very plugin must have
> the key available in some unprotected form, and then whoever compromises
> the server can capture the key. So it wouldn't reduce signifcantly the
> area of vulnerability.
There is also the possibility of doing the decryption on a more trusted Dovecot proxy.
More information about the dovecot
mailing list