Are you referring to PGP? I have not heard of GPG...  I'd like to see PGP
functionality somehow in sqwebmail as well. 

Just wondering.

-Scott

Scott Moynes writes:

> I was briefly considering trying to add support for gpg in some form
> to sqwebmail but came to one sticky point: security.
> 
> I foresee several problems, under various implementations, to adding
> gpg support to sqwebmail, and can find no reasonable solution to any
> of them. I will try to summarize them below.
> 
> 0) server side secret key security:
>       To upload a secret key to a potentially untrusted server
> negates the use of the secret-key basically. If all the mail on the
> mail server were encrypted for a particular secret key, and both were
> basically right beside each other then the encryption is useless. If
> the secret-key were password protected, a cracked server could simply
> attempt a brute-force attack on the key as it has a long time to be
> able to find the secret word for the secret key. Also, the cracked
> server could use a modified binary that would store the secret key
> after the user enters it when encrypting or decrypting mail.
> 
> 1) client side secret key security: 
>       If the secret key is stored on the client machine, and the
> encryption/decryption occurs on the server, nothing is really
> gained. Again, an untrusted or compromised server could easily be
> modified to store this data and the secret key again is useless for
> encryption. The next obvious step would be to use some sort of client
> side processing to do the encryption, say a java applet. This seems to
> be a rather complicated method of performing the desired task. Also,
> unless the applets were digitally signed themselves, the cracked
> machine could send modified java applets.
> 
> 2) authentication:
>       One could forgo decryption altogether and only allow for
> signature verification and encrypting outgoing email, but the server
> could be made to respond with correct signature verifications when in
> reality they are failing, and could modify the contents of outgoing
> messages before they are digitally signed/encrypted.
> 
> 
> There are a few other solutions I came up with quickly, but all seemed
> to fail at the trusted-server portion of the equation. This makes me
> think that we could ignore the trust level of the server, and let it
> be up to the user whether they use a gpg on an untrusted host. One
> solution to minimizing the effect could be suggested to users: use a
> separate key for usage with sqwebmail, and keep another one truly
> secret for truly secret information.
> 
> What are others' thoughts on the issue of gpg support? Are the
> obstacles in the way preventing any reasonably safe method of
> implementation, and is the inclusion of gpg support only going to give
> users a false sense of security? 
> 
> 
> 
> -- 
> Scott Moynes]----------------------[[EMAIL PROTECTED]
> Go not unto the Usenet for advice, for you will be told both yea and nay (and
> quite a few things that just have nothing at all to do with the question).
>       -- seen in a .sig somewhere
> ------------[http://woodblock.dhs.org/pubkey.asc for public key
> Current RC5-64 rate:    1,724.32 KKeys/s

