On 02/01/2011 12:36 PM, Manuel Faux wrote:
>> "was never intended to" depends on how you look at it :). From my
>> point of view it was intended that way because I implemented it that way.
>> Djigzo is an email encryption gateway that encrypts and decrypts email
>> at the gateway level. If you don't want email to be decrypted at the
>> gateway level then don't put the private key on the gateway. If the
>> private key is not available, the message cannot be decrypted.
> What do you think is the benefit of this feature? Is there any "normal"
> situation you forward an encrypted email without reencrypting it?

My mail server is configured to process mail for about ten different domains. In all domains, there's mail that is forwarded to one of my personal email addresses. I read that mail on one of three different computers and a smartphone. If encrypted email is not decrypted and re-encrypted on my djigzo server, I'd have to have private keys of all email addresses that I receive mail for, on each of those computers. Because Djigzo neatly reencrypts the mail, I only need one private key for all mail. The fact that the mail is re-encrypted doesn't bother me, because I trust my server.

As Martijn said, if some messages are too private and/or secret to be decrypted on the server, just don't put the private key for that particular email address on the server. Like, in a company you could have board members decrypt their email on their laptop. The Djigzo gateway will simply keep the mail encrypted because it can't encrypt it. You could even supply two different certificates to board members, one of which the private key sits on the Djigzo gateway, the other's private key only sits on the person's laptop.

I do agree with you that there's a potential security hole. The fact that you can intercept an encrypted email and redirect it to someone else who can read it unencrypted requires an accomplice inside the organization. If you have "the bad guys" inside your organization, then your problems are not limited to email security.

But suppose a very confidential message to the board gets redirected to "[email protected]". Then everybody in the company gets the confidential email, unencrypted. But then, sending email that should be confidential for most of your staff, I don't think it's a good idea to encrypt that with a key that sits on the gateway anyway.

Martijn, I do second the wish to have a "paranoid" feature on the gateway. Setting that to "on" for me would mean that I have to keep more private keys on more computers and phones, so I wouldn't use it.

dagdag
Christine

--
The total amount of clue on the Internet is a fixed constant (Bill Cheswick, ca. 1994).
The Internet has grown a lot since then (Wietse Venema, 2011).
