oh, and keep your gpg (or s/mime) private keys on your person (floppy disk? usb drive? crypto-card?) rather than in your local machine's home directory.
but even that has weaknesses :)

Jeff

On Wed, 2005-01-05 at 16:28 -0500, Jeffrey Stedfast wrote:
> On Wed, 2005-01-05 at 15:10 -0600, Ron Johnson wrote:
> > On Wed, 2005-01-05 at 14:36 -0500, Jeffrey Stedfast wrote:
> > > On Thu, 2005-01-06 at 00:40 -0800, Amish Munshi wrote:
> > > > Jeffrey Stedfast wrote:
> > [snip]
> > >
> > > > You don't have people in the market who
> > > > can read encrypted mails, but you will definitely have admins who will
> > > > read mails if they are in plain text.
> > >
> > > then you fire them.
> >
> > After the damage is done, and *if* you catch him, some long time
> > after the fact.
> >
> > [snip]
> > > root has access to memory (even gpg has to store the password in memory
> > > while decrypting something) and root also has access to your private
> > > keys.
> > >
> > > so yes, they can decrypt it.
> >
> > But it's more difficult to find keys in RAM than to page thru an
> > mbox.
>
> it doesn't matter - the whole gpg argument is pointless anyway and has
> no bearing on the original discussion.
>
> we're talking about encrypting the mail only once it arrives on the
> local machine... but presumably the admin can read the mail long before
> it even gets to the user's local machine. so... the point of encrypting
> would be...?????
>
> since the admin has the ability to page thru the mbox file on the
> server, why even bother trying to page thru memory to find the key on
> the user's local machine in the first place? :)
>
> this whole discussion is about "make me believe it's more secure even
> tho it isn't" which is a complete waste of our resources.
>
> if you guys want to send us a patch, go for it - but even you have to
> admit that it doesn't fix the problem.
>
> the way to solve this is to have everyone send you PGP/MIME (or S/MIME)
> encrypted messages to start with, then it really is "secure" from start
> to finish.
>
> that is the ONLY solution. period.
>
> Jeff
> --
> Jeffrey Stedfast
> Evolution Hacker - Novell, Inc.
[EMAIL PROTECTED] - www.novell.com
