Sim Zacks wrote:
> I've read a lot about password encryption with dbmail, but does (or can)
> dbmail support encryption of the actual messages?
> Our CEO and CFO are both very concerned with the idea of switching to
> IMAP because it would make it simple for the system administrators to
> read their email. They aren't as concerned with sniffers and stuff like
> that because that would require constant vigil. They are concerned that
> someone can open the mysql database (or go into the dbmailadministrator
> web front end) and query the database.
>
> I was thinking that mail clients generally support SSL, which leads me
> to believe that if the user's public key is stored on the server then
> the dbmail should be able to encrypt all messages going into his box
> before they are stored and then the client will be able to open it with
> their private key.
>
> Is something like this in place already?

Yes, it's called GNU-PG, which is compatible with PGP. Most modern clients support PGP email or S/MIME.

Really, if your CEO/CFO doesn't trust his sysadmins they should fire them. Sysadmins have access to confidential information no matter what.

Doing on-the-fly encryption during insertion is a *bad* idea. Clients that use ssl/tls don't have a user-key, they have a server-keypair only. And anyone who has access to the server keys can decrypt both traffic and the messages stored using the server keypair.

Using the users' passwords or some other user-based secret is not an option because emails are not stored per user. With single-instance-storage message parts are just that: unconnected fragments of email. They are re-assembled into readable email during retrieval, but individual message parts can and will be part of totally unrelated messages.

--
  ________________________________________________________________
  Paul Stevens                                      paul at nfg.nl
  NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
  The Netherlands________________________________http://www.nfg.n
_______________________________________________
DBmail mailing list
[email protected]
https://mailman.fastxs.nl/mailman/listinfo/dbmail
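
The single-instance-storage point in the reply above, as an added example that is not part of the original post and is not dbmail's code: a toy content-addressed part store showing that one stored part ends up referenced from unrelated users' mail, so no single user's key could encrypt it at rest. The class, function names, addresses and messages are all hypothetical and constructed for illustration.

```python
import hashlib
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

class SingleInstanceStore:
    """Toy content-addressed part store; hypothetical, not dbmail's schema."""
    def __init__(self):
        self.parts = {}     # sha256 hex -> part bytes, stored exactly once
        self.messages = {}  # (user, msg_id) -> ordered list of part digests

    def deliver(self, user, msg_id, raw):
        refs = []
        for part in message_from_string(raw).walk():
            if part.is_multipart():
                continue  # containers hold no content of their own
            body = part.get_payload(decode=True)
            digest = hashlib.sha256(body).hexdigest()
            self.parts.setdefault(digest, body)  # deduplicate identical parts
            refs.append(digest)
        self.messages[(user, msg_id)] = refs

    def fetch(self, user, msg_id):
        # Re-assembly at retrieval time: follow references back to parts.
        return [self.parts[d] for d in self.messages[(user, msg_id)]]

    def shared_parts(self):
        # Parts referenced from more than one user's mail.
        owners = {}
        for (user, _), refs in self.messages.items():
            for d in refs:
                owners.setdefault(d, set()).add(user)
        return {d: sorted(u) for d, u in owners.items() if len(u) > 1}

def build(to, text, attachment):
    m = MIMEMultipart()
    m["From"], m["To"] = "sender@example.com", to
    m.attach(MIMEText(text))
    m.attach(MIMEText(attachment))
    return m.as_string()

def demo():
    footer = "Constructed sample: company-wide legal disclaimer."
    store = SingleInstanceStore()
    store.deliver("ceo", 1, build("ceo@example.com", "Board figures.", footer))
    store.deliver("intern", 1, build("intern@example.com", "Lunch menu.", footer))
    return store

if __name__ == "__main__":
    s = demo()
    print(len(s.parts), "stored parts;", s.shared_parts())
```

Four parts are delivered but only three are stored; the shared one would have to be readable by both recipients, which is why the reply points to client-side PGP or S/MIME instead.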
