On Fri, 2011-03-04 at 06:50 -0500, Matthew Barnes wrote:
> On Fri, 2011-03-04 at 11:40 +0000, David Woodhouse wrote:
> > I'm working on "Enterprise" use of Evolution, and one of the big
> > requirements is encryption of data at rest. The answer "just encrypt the
> > whole of the user's home directory" only puts them off for so long.
> Can you go into more detail about why it's needed?  Would help me to
> better understand the use cases.

Mostly corporate paranoia. If your phone/tablet/laptop is stolen, the
data on it should not be stored in clear text. That would let the thief
read all your ultra-secret memo-list mails.

On mobile devices, this often translates in practice to a policy of "if
you don't encrypt data at rest, you aren't allowed access to the data in
the first place".

This requirement is what leads to such abominations as "Good Mobile
Messaging", where the native email/calendar client on the iPhone isn't
considered secure enough, so people are forced to use a crappy
third-party alternative which *does* do the necessary encryption.

Obviously, the encryption would be *optional*, and enabled per-account.
I wouldn't want to force it on everyone by default.


evolution-hackers mailing list
To change your list options or unsubscribe, visit ...

Reply via email to