On Wed, 06 Dec 2006 10:59:14 -0500 [EMAIL PROTECTED] wrote: >Send Gnupg-users mailing list submissions to > [email protected] > >To subscribe or unsubscribe via the World Wide Web, visit > http://lists.gnupg.org/mailman/listinfo/gnupg-users >or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > >You can reach the person managing the list at
>Message: 1 >Date: Wed, 06 Dec 2006 12:52:14 +0200 >From: Eray Aslan <[EMAIL PROTECTED]> >We provide IMAP+SSL and POP3+SSL email access to our employees. >Plain >IMAP and POP3 is not provided. SMTP is also secured. We also >provide >webmail service secured with HTTPS. Again plain HTTP is not >allowed. >This is basic stuff. So eavesdropping on the wire is not my main >concern. And mails are stored on IMAP servers with encrypted file >systems. > >This is not an authentiation issue because you can change the >authentication method at the server. I want the emails to stay >encrypted even if the server is compromised. I don't want anyone >with >the root password to say "that is what you wrote 2 months ago" >unless he >has my secret key. And that is what GnuPG does, no? > >And since all our email accounts are virtual - meaning thay don't >have a >shell account, dont have a home directory and emails are stored >under >the same UID at the server - I have to solve this at the MUA >level. >Please tell if there is an alternative. at the risk of sounding simplistic, maybe there is not too difficult workaround: [1] make it an option to save mail that is sent, and make the default as 'not' saving it [2]those wishing to have their sent mail stored encrypted, can forward the sent mail to to self, (as this is not usually done, it must be implemented to 'allow' it, but that shouldn't be that hard to do), and encrypt the forwarded mail with the sender's default key [3] add something in the subject line like: 'forwarded mail of 'date', encrypted' [4] add a disclaimer that users choosing to save mail in the 'sent' folder without encrypting it, will have it stored as cleartext on the server this keeps the users informed, gives them a choice, allows them to be protected (and does so by default) and protects the provider vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
