[Dovecot] server side private/public key
Peter Mogensen
apm at one.com
Mon Nov 11 16:21:37 EET 2013
Christian Felsing wrote:
> Please consider adding server-side private/public key encryption for
> incoming mails.
> If client logs on, the password is used to unlock the user's server-side
> private key.
> If mail arrives from MTA or any other source, mail is encrypted with
> the user's public key.
> Key pair should be located in LDAP or SQL server. PGP and S/MIME
> should be supported.
> This is for the situation if NSA or other organizations ask admin for
> users' mail insistently,
So ... exactly which security threat are you thinking about preventing here?
This won't protect against:
* NSA listening in on the mails when they arrive.
* NSA taking a backup of your mails and waiting for your first attempt to read them - at which time they'll have your private key in plain text.
It seems like a much wider protection to just keep your private key for yourself.
/Peter