On Sat, 11 Aug 2018, Aki Tuomi wrote:

While this is true, it can be useful to encrypt messages at rest in 3rd party storage.
For the end user, only PGP or similar provides sufficient security against the admin.

Nice, short, pinpointed words I will file away for upcoming discussions.

And I will file M's response, too, for the management.

Thanks both of you.

-------- Original message --------
From: "M. Balridge" <[email protected]>
Date: 11/08/2018 13:56 (GMT+02:00)
To: Dovecot Mailing List <[email protected]>
Subject: Re: [trees-plugin] - Dovecot index gets corrupted, when using maildir and recievend and accessing mail at the same time

Quoting Joseph Tam <[email protected]>:

Another privacy plugin that assumes the server operator is unmotivated or
respects your privacy anyways, and won't just skim your password right off
the top to look at your mail.  A vault with steel walls and a dirt floor.

*SIGH* As usual, you're right on the money, Joseph.

I used to let things like this "slide", but somewhat recently I've had some
clients badgering me to implement something like this. It takes longer than it
should to explain how pointless the exercise is.

Given that:

1) Email transactions, from submission, to delivery, to final reception by a
MUA, are done with plaintext contents. Those who want security, will undergo
the additional steps and hassles with using PGP to encrypt the contents,
providing the only demonstrably secure (against "Evil SysAdmins") means of
cloaking your content. The submission, delivery, and final reception is still
performed as "plaintext", albeit with an attachment that is encrypted, a
process done (and undone) by the ultimate endpoint clients.

2) Even if the "Evil SysAdmin" doesn't scribble all of the users' passphrases
into a log, it's trivial for various tools, many of which were hastily cobbled
together during the fad of implementing Sarbanes-Oxley Act (SOX) compliance on
mail servers. Tools like "milter-bcc" and friends which automatically clone
all email submitted to or arriving through SMTP, etc. It doesn't matter if
your SMTP software implements 65,536 Jiggabyte Key Quantum-Computing-Resistant
crypto, when it has the decrypted contents in its spool.

I imagine this is an exercise in buzzword collection, and to be seen to be
"doing something" to improve security and/or privacy.

If privacy is desired, there are only end-to-end encryption/signature schemes
to ensure anything at all, and even there we're at the mercy of mathematical
gods greater than we.

Looking to a "magical" oracle on your server to do it for you, whilst keeping
all of the leaky, plaintext, and promiscuous protocols (DSN, bounces,
intermediate MXer hosts that eruct contents to various envelope addresses,
etc) that will betray you behind your back without a moment's notice is a
Fool's Errand.

Think it over.

=M=



-- Steffen Kaiser
