*Christian Felsing wrote:
*
> Please consider to add server side private/public key encryption for
incoming mails.
> If client logs on, the password is used to unlock users server side
private key.
> If mail arrives from MTA or any other source, mail is encrypted with
users public key.
> Key pair should be located in LDAP or SQL server. PGP and S/MIME
should be supported.
This is for the situation if NSA or other organizations asks admin for
users mail insistently,
So ... exactly which security threat are you thinking about preventing here?
This won't protect against:
* NSA listening in on the mails when they arrive.
* NSA taking a backup of your mails and wait for your first attempt to read
them - at which time they'll have your private key in plain text.
It seems like a much wider protection to just keep you private key for your
self.
/Peter
