Re: [SOGo] Storage encryption in SOGo

[Mikhail Emelchenkov]

Obviously, he cannot recover his data then. There are number of solutions to 
help, like storing unencrypted passwords on non connected to lan machine with 
restricted access, or having universal "master" key to decrypt. My use-case 
does not lays in this area, I use SOGo for Calendars/Contacts and ActiveSync 
for iPhone and fully control my own server. Use-case for end-users in 
organisation is different, of course.

Mikhail Emelchenkov
Research & development
www.Emelchenkov.pro , +7 (926) 146-0880

> On 31 Mar 2017, at 14:09, Bogusław Juza (bog...@uci.agh.edu.pl) 
>  wrote:
> 
> Right, but what if user forgots old password and ask admin for
> the new one?

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Storage encryption in SOGo

[Mikhail Emelchenkov]

Haha, yes, I really forgot about Dovecot behind :)). But Contacts/Calendar are 
embedded in SOGo.

Mikhail Emelchenkov
Research & development
www.Emelchenkov.pro , +7 (926) 146-0880

> On 31 Mar 2017, at 13:52, Scott Damron (sdam...@damronhouse.net) 
>  wrote:
> 
> I don’t think you understand what SOGo is, or how it works…it doesn’t store 
> your email, that is done by your email server.

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Storage encryption in SOGo

[bog...@uci.agh.edu.pl]

W dniu 31.03.2017 o 12:41, Mikhail Emelchenkov (mikh...@emelchenkov.pro) 
pisze:

The very first idea: centralised password management. Changing password
will be performing by providing an old password and a new one. New
password will be stored to LDAP/Database, and both old and new will be
send to SOGo API, to re-encrypt encryption key. So no data re-encryption
be needed.


Right, but what if user forgots old password and ask admin for
the new one?

 Boguslaw Juza

--
users@sogo.nu
https://inverse.ca/sogo/lists

RE: [SOGo] Storage encryption in SOGo

[Scott Damron]

I don’t think you understand what SOGo is, or how it works…it doesn’t store 
your email, that is done by your email server.

 
 
From: [mailto:users-requ...@sogo.nu] On Behalf Of Mikhail Emelchenkov
Sent: Friday, March 31, 2017 2:45 AM
To: users@sogo.nu
Subject: [SOGo] Storage encryption in SOGo

 
Hi!

 
Is any kind of storage encryption planning to implement in SOGo? I think about 
this one: encrypt everything (mail, contacts, calendar) with a key encrypted 
with user password which a user send at authentication time. Imagine, if VPS 
where SOGo is installed will be hacked, and whole mail archive will be 
accessible to a hacker.


Mikhail Emelchenkov
Research & development
www.Emelchenkov.pro, +7 (926) 146-0880

 
-- 
users@sogo.nu  
https://inverse.ca/sogo/lists

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Storage encryption in SOGo

[Mikhail Emelchenkov]

Boguslaw,

> Good idea, but what happens if user changes the password, especialy outside 
> the SOGo?


The very first idea: centralised password management. Changing password will be 
performing by providing an old password and a new one. New password will be 
stored to LDAP/Database, and both old and new will be send to SOGo API, to 
re-encrypt encryption key. So no data re-encryption be needed.

Mikhail Emelchenkov
Research & development
www.Emelchenkov.pro , +7 (926) 146-0880
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Storage encryption in SOGo

[bog...@uci.agh.edu.pl]

W dniu 31.03.2017 o 09:45, Mikhail Emelchenkov (mikh...@emelchenkov.pro) 
pisze:

Is any kind of storage encryption planning to implement in SOGo? I think
about this one: encrypt everything (mail, contacts, calendar) with a key
encrypted with user password which a user send at authentication time.
Imagine, if VPS where SOGo is installed will be hacked, and whole mail
archive will be accessible to a hacker.


Good idea, but what happens if user changes the password, especialy 
outside the SOGo?



Boguslaw Juza


--
users@sogo.nu
https://inverse.ca/sogo/lists