Hi Michael, > saving an unencrypted version in many cases (like IMAP) puts an unencrypted > copy of the sensitive content on the network
I agree, that should be avoided somehow. > Even if you store it locally it will be readable if your system is > compromised. But storing the unencrypted mail locally in my FileVault/TrueCrypt home directory isn't a big issue - at least in my opinion. > A better idea, IMHO, is making a Spotlight plugin that searches GPG-encrypted > content. This would all happens safely on your client machine. Actually a very nice idea! Writing a spotlight plugin is very straight forward I guess (assuming one is using the OS X keychain to store the gpg passphrase). Although the Spotlight index should be stored on an encrypted volume. Best regards, Alex On 29.01.2011, at 20:28, Michael Koppelman wrote: > This represents a pretty major weakness on the security side of things, > though. Presuming that you encrypt email that has sensitive content, saving > an unencrypted version in many cases (like IMAP) puts an unencrypted copy of > the sensitive content on the network. Even if you store it locally it will be > readable if your system is compromised. > > A better idea, IMHO, is making a Spotlight plugin that searches GPG-encrypted > content. This would all happens safely on your client machine. > > M. > > On Jan 29, 2011, at 12:33 PM, Alexander Willner wrote: > >> Dear Başar, >> >> could you add your ideas to this issue please? >> >> http://gpgtools.lighthouseapp.com/projects/65764/tickets/25 >> >> Best regards, Alex >> >> >> On 29.01.2011, at 13:51, Başar Alabay wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: RIPEMD160 >>> >>> Hello, >>> >>> wouldn't it be interesting to implement an option, that one can encrypt a >>> mail – just to send it away? So it's filed unencrypted. And, when receiving >>> an encrypted mail, the decrypted message is filed in Mail.app. >>> >>> This would make it possible to search in such mails. >>> >>> Greets, >>> B. Alabay >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG/MacGPG2 v2.0.17 (Darwin) >>> Comment: <http://www.gnupg.org/> >>> Comment: Keys updated 2011-01-27 >>> >>> iEYEAREDAAYFAk1EDWIACgkQ6sDC3HmRyHX3jgCcCQeMD5LTBYd1bwFWfMRDdVUn >>> j1MAmgIvv05zU6TnWUoDA/XWjSJXLpu2 >>> =G6kP >>> -----END PGP SIGNATURE----- >>> >>> _______________________________________________ >>> gpgtools-users mailing list >>> gpgtools-users@lists.gpgtools.org >>> FAQ: http://www.gpgtools.org/faq.html >>> Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users >>> Unsubscribe: >>> http://lists.gpgtools.org/mailman/options/gpgtools-users/a...@willner.ws?unsub=Unsubscribe&unsubconfirm=1 >>> >>> This email sent to: a...@willner.ws >> >> _______________________________________________ >> gpgtools-users mailing list >> gpgtools-users@lists.gpgtools.org >> FAQ: http://www.gpgtools.org/faq.html >> Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users >> Unsubscribe: >> http://lists.gpgtools.org/mailman/options/gpgtools-users/lol...@bitstream.net?unsub=Unsubscribe&unsubconfirm=1 >> >> This email sent to: lol...@bitstream.net > > _______________________________________________ > gpgtools-users mailing list > gpgtools-users@lists.gpgtools.org > FAQ: http://www.gpgtools.org/faq.html > Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users > Unsubscribe: > http://lists.gpgtools.org/mailman/options/gpgtools-users/a...@willner.ws?unsub=Unsubscribe&unsubconfirm=1 > > This email sent to: a...@willner.ws
smime.p7s
Description: S/MIME cryptographic signature
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ gpgtools-users mailing list gpgtools-users@lists.gpgtools.org FAQ: http://www.gpgtools.org/faq.html Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users Unsubscribe: http://lists.gpgtools.org/mailman/options/gpgtools-users/arch...@mail-archive.com?unsub=Unsubscribe&unsubconfirm=1 This email sent to: arch...@mail-archive.com
