Mark Constable writes:
On 08 Jan 2008 22:03, Sam Varshavchik wrote:And if the underlying storage is encrypted they're still not in full control, since the messages can be easily intercepted before they are saved to disk.If the MTA's local delivery agent handled the encryption, using a public key supplied by and from the users homedir, it would eliminate any other user on the system from interferring with the messages.
And then what? The mail client gets back the encrypted message, so the mail client needs to be modified anyway, in order for it to decrypt it, using the private key. So you have to modify the mail client in any case, you can't handle everything transparently on the server's end.
And you can't do that anyway for the simple reason that an IMAP server needs to read the headers in the message. Not just the top level headers, but the headers of every MIME section in the message. So, you can't just plob an encrypted file, and expect IMAP to work.
And even with POP3, the POP3 server expects to have some line-oriented file to deal with. A binary blob won't do.
So, no matter how you slice or dice it, you have to modify the mail client, and if you're going to do that, you might as well use ol' reliable OpenPGP, so that all server mail software doesn't need to do anything special, as far as it's concerned it's just another mail message.
I disagree because there is no way anyone can ensure general incoming mail from a wide range of sources would be encrypted by the sender. Widespread general use of PGP may never happen.
Maybe, maybe not. But some kind of on-the-fly secure encryption of mail messages on the server side will NEVER happen, unless certain physical laws of our universe are adjusted.
PGP would be reasonable in a situation where a user pulls their mail via POP, then PGP encrypts it locally and then re-uploads it back up to the server for storage under another user account... but that's dumb when the LDA could have done the encryption at the first point of the delivery
And then what? Who's going to decrypt it? The server again, when it needs to deal with the message? So, you put the private key on the server. What exactly have we accomplished here?
pgpuieKezkQnl.pgp
Description: PGP signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
