martin f krafft wrote:
> * Craig Dickson <[EMAIL PROTECTED]> [2001.11.15 10:28:33-0800]:
> > Also note that root owns sendmail, or whatever MTA you're using. If he
> > really wants to read your mail, it would be much easier for him to do it
> > by configuring the MTA to silently copy him on all your messages, so all
> > this concern about temporary files and de-allocated disk sectors seems a
> > bit silly to me.
>
> except he's GPG encrypting, which then even root can't read...
Okay, I haven't used gpg for encryption. Are we talking about the sort of double-layer "Only I could have written it, and only you can read it" style of public key encryption, where the cleartext is encrypted once with the sender's private key, and once with the recipient's public key? I suppose that's pretty safe.

Of course, root can still fake a digital signature for any of his users, and read any encrypted mail sent to his users, since he has access to his users' private keys on disk, and their stored copies of their correspondents' public keys. Even if those keys are encrypted and require the user to enter a passphrase every time they're used, root can get the passphrase with a tty sniffer.

Short of biometric authentication, how can you stop root if he knows what he's doing? And I imagine even biometrics can be compromised if you can modify the software involved.

I still say the bottom line is, if you don't trust root, don't use his machine.

Craig
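The sign-then-encrypt arrangement described above, as an added example that is not part of this thread: the sender signs with their own private key, then encrypts for the recipient's public key, and the recipient reverses the two steps. It uses the third-party Python `cryptography` package instead of gpg (an assumption; install it with `pip install cryptography`), with RSA-PSS signatures, a fresh AES-GCM session key wrapped with RSA-OAEP in the way PGP wraps its session keys, and constructed keys and message text. The `demo()` function also walks the threat model from the message: a signature made with a different key is rejected, a party without the recipient's private key cannot unwrap the session key, and whoever holds a copy of the sender's private key, root included, produces signatures that verify exactly like the sender's own.

```python
"""Sign-then-encrypt round trip: the sender signs with their private key, then
encrypts for the recipient's public key. Added example, not from the thread;
assumes the third-party `cryptography` package is installed."""
import os

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def _pss():
    return padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                       salt_length=padding.PSS.MAX_LENGTH)


def _oaep():
    return padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                        algorithm=hashes.SHA256(), label=None)


def generate_keypair():
    """Stand-in for a user's keyring: one RSA-2048 private key."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def sign_and_encrypt(plaintext, sender_priv, recipient_pub):
    """Sign with the sender's private key, then encrypt for the recipient.

    As in PGP, the body is encrypted under a fresh symmetric session key and
    only that key is wrapped with RSA (RSA-OAEP); RSA cannot encrypt long
    messages directly. The signature travels inside the encrypted envelope,
    so an observer cannot even see who signed the message.
    """
    signature = sender_priv.sign(plaintext, _pss(), hashes.SHA256())
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    payload = len(signature).to_bytes(2, "big") + signature + plaintext
    return {
        "wrapped_key": recipient_pub.encrypt(session_key, _oaep()),
        "nonce": nonce,
        "ciphertext": AESGCM(session_key).encrypt(nonce, payload, None),
    }


def decrypt_and_verify(envelope, recipient_priv, sender_pub):
    """Reverse the steps: unwrap the session key, decrypt, then verify.

    Raises ValueError or InvalidTag when the recipient key is wrong, and
    InvalidSignature when the signature was not made with sender_pub's key.
    """
    session_key = recipient_priv.decrypt(envelope["wrapped_key"], _oaep())
    payload = AESGCM(session_key).decrypt(envelope["nonce"],
                                          envelope["ciphertext"], None)
    sig_len = int.from_bytes(payload[:2], "big")
    signature, plaintext = payload[2:2 + sig_len], payload[2 + sig_len:]
    sender_pub.verify(signature, plaintext, _pss(), hashes.SHA256())
    return plaintext


def demo():
    """Exercise the scheme and the thread's threat model on constructed data."""
    alice, bob, mallory = generate_keypair(), generate_keypair(), generate_keypair()
    msg = b"meet at the usual place"  # constructed sample message
    results = {}

    # 1. Legitimate exchange: Alice -> Bob decrypts and verifies.
    env = sign_and_encrypt(msg, alice, bob.public_key())
    results["legitimate_verifies"] = decrypt_and_verify(env, bob, alice.public_key()) == msg

    # 2. Mallory signs with her own key but claims to be Alice: verification fails.
    forged = sign_and_encrypt(msg, mallory, bob.public_key())
    try:
        decrypt_and_verify(forged, bob, alice.public_key())
        results["forged_signature_rejected"] = False
    except InvalidSignature:
        results["forged_signature_rejected"] = True

    # 3. Without Bob's private key, Mallory cannot even unwrap the session key.
    try:
        decrypt_and_verify(env, mallory, alice.public_key())
        results["wrong_recipient_cannot_decrypt"] = False
    except (ValueError, InvalidTag):
        results["wrong_recipient_cannot_decrypt"] = True

    # 4. Root's position: a copy of Alice's private key taken off disk (with
    #    its passphrase sniffed) is the same key material, so signatures made
    #    with it are indistinguishable from hers; likewise a copy of Bob's
    #    private key reads everything sent to him.
    stolen_alice_key = alice
    env_from_root = sign_and_encrypt(msg, stolen_alice_key, bob.public_key())
    results["stolen_sender_key_verifies"] = (
        decrypt_and_verify(env_from_root, bob, alice.public_key()) == msg
    )
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The signature is placed inside the encrypted payload rather than outside it, which is the ordering that keeps the signer's identity hidden from anyone who only intercepts the ciphertext; all four checks in `demo()` return True, the last one being the point of the message, since no amount of passphrase protection helps once the key file and the passphrase are both in root's hands.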

