Mail-crypt plugin clarification
Joseph Tam
jtam.home at gmail.com
Fri Dec 15 02:29:09 EET 2017
Aki Tuomi writes:

> Dovecot does support making it difficult to prevent access to the stored
> mail.

Those who have had problems understanding the documentation might find
this unintended double-negative ironically funny.

> You can, with suitable workflows, ensure that the user's emails are not
> readable by anyone but the user. Of course the only way to be fully
> sure is to use end-to-end encryption, ...

"Ensure" (or OP: "impossible") are very high standards of privacy.
If the OP really means it, then since a third party has control over
the (virtual or real) hardware, the server should never have access to
private keys or decrypted data. (We're in agreement I think.)

If the OP lowers their standards to "inconvenient" to gain access,
then the plugin is enough. It will keep the honest admin honest.

> ... like PGP or S/MIME, but this does go a long way to prevent admin access
> to user's email.

Don't ignore metadata; who/when/where (and headers?) could reveal much
information.

Joseph Tam <jtam.home at gmail.com>