Serverside private key probably doesn't protect against much, but a way for 
users to upload a public key and automatically encrypt all messages when 
received might have value. Limits exposure for messages at rest.


   -jf

> On 11 Nov 2013 at 15:21, Peter Mogensen <a...@one.com> wrote:
> 
> Christian Felsing wrote:
> > Please consider to add server side private/public key encryption for 
> > incoming mails.
> > If client logs on, the password is used to unlock user's server side private 
> > key.
> > If mail arrives from MTA or any other source, mail is encrypted with user's 
> > public key.
> > Key pair should be located in LDAP or SQL server. PGP and S/MIME should be 
> > supported.
> 
>> This is for the situation if NSA or other organizations ask admin for
>> users' mail insistently,
> 
> So ... exactly which security threat are you thinking about preventing here?
> 
> This won't protect against:
> * NSA listening in on the mails when they arrive.
> * NSA taking a backup of your mails and waiting for your first attempt to read 
> them - at which time they'll have your private key in plain text.
> 
> It seems like a much wider protection to just keep your private key for 
> yourself.
> 
> /Peter
> 
