You're cracking the wrong nut. We've concluded: you can't enforce everyone to ensure their email is decryptable.
So the solution is to make sure they don't get encrypted email.

Use GPG at a gateway level and deny any internal mail that can't be decrypted. This is the way PGPU can work. All internal users' keys are stored on the PGPU server, users don't need to know their passwords or anything about their keys. The server decrypts or encrypts as required. All traffic on your local network is in the clear.

We used to have a TFS server doing something similar using GPG. (You need to buy TFS; I don't know if there is a free solution out there.)

Of course, if your encryption policy is designed to prevent colleagues reading each other's email, then this doesn't work. But if people can access each other's mailboxes, you've got a different problem (with file permissions)!

If it's too many people with root/administrator accounts that can read everyone's mail causing fear, then move the mail server to a new, more secure box and only one person has the password (probably you should have sudo or similar set up so you can do admin tasks).

Max

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Robert J. Hansen
> Sent: 14 February 2008 05:24
> To: [email protected]
> Subject: Re: Corporate use of gnupg
>
> Quoting [EMAIL PROTECTED]:
> > And what do they want to do with the received emails? The only
> > possibility I see is to put everyone's private keys and passwords
> > into a safe - then you can decrypt sent and received mail later.
>
> Same problem exists with PGP's ADK feature, which should
> really be named an ARR, for Additional Recipient Request.
> While ADK usage can be enforced within the ADK-using group
> (mostly: there are some caveats), emails from outside the
> group going in to the group are under no such restrictions.
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
> _______________________________________________
> Gnupg-users mailing list
> [email protected]
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
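
The gateway rule from the reply above (deny mail the gateway cannot decrypt), sketched as an added example that is not from the thread or from any product it names. It only pre-filters on the recipient key IDs in the message's PKESK v3 packets and does not attempt decryption; all function names and key IDs are hypothetical.

```python
import base64

def dearmor(text):
    """Return the binary OpenPGP data from an ASCII-armored message."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]   # skip armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):
    """Yield (tag, body); stop at partial or indeterminate lengths."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                       # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                return                       # partial body length
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                return                       # indeterminate length
            n = int.from_bytes(data[i:i + (1 << ltype)], "big")
            i += 1 << ltype
        yield tag, data[i:i + n]
        i += n

def recipient_key_ids(data):
    """Key IDs in PKESK v3 packets (tag 1); normally encryption subkey IDs."""
    return [b[1:9].hex().upper() for t, b in packets(data)
            if t == 1 and b[:1] == b"\x03"]

def gateway_accepts(armored, held_key_ids):
    """Fail closed: accept only mail addressed to a key the gateway holds."""
    try:
        return any(k in held_key_ids for k in recipient_key_ids(dearmor(armored)))
    except (ValueError, IndexError):         # malformed armor or truncated packet
        return False

def constructed_sample(key_id_hex):
    """Constructed test message: one PKESK packet, a stub data packet, fake CRC."""
    pkesk = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01\x00\x08\xff"
    raw = bytes([0x84, len(pkesk)]) + pkesk + bytes([0xD2, 9]) + b"\x01" + bytes(8)
    return f"-----BEGIN PGP MESSAGE-----\n\n{base64.b64encode(raw).decode()}\n=AAAA\n-----END PGP MESSAGE-----\n"
```

A message sent with hidden recipients carries an all-zero key ID and is rejected by this check, as is anything encrypted only to a key the gateway does not hold.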

