end-to-end encryption

Steffen Kaiser skdovecot at inf.h-brs.de
Wed May 16 09:18:13 EEST 2018


On Tue, 15 May 2018, Gandalf Corvotempesta wrote:

> I was looking at protonmail.com
> Is it possible to implement an end-to-end encryption with dovecot, where
> server-side there is no private key to decrypt messages?

Maybe the term "end-to-end encryption" has changed, but usually that 
means that clients are the "end". Hence, there are no keys on the server. 
There are some approaches to automatic key discovery and hosting with 
GnuPG's WKD / WKS.

> If I understood properly, on protonmail the private key is encrypted with
> the user's password, so that only a user is able to decrypt the mailbox.

When the encryption takes place on the server, the server admin is able to 
tinker with the process, hence, this is not end-to-end. But, read Aki's fine 
answer about this.

-- 
Steffen Kaiser