Re: [courier-users] Encrypted IMAP Storage

Mark Constable
01-08-2008

On 08 Jan 2008 22:03, Sam Varshavchik wrote:
> > Has anyone tried or considered a scheme whereby the
> > contents of stored maildirs are encrypted on the server
> > with the keys controlled by the end user?
>
> No, I've not abused drugs /that/ much.


Well then... keep trying :)

> > The main objection I hear from some clients, who prefer
> > to use POP, is that they don't feel comfortable leaving
> > sensitive business or personal info somewhere they really
> > do not have any control over.
>
> And if the underlying storage is encrypted they're still not in full
> control, since the messages can be easily intercepted before they are saved
> to disk.


If the MTA's local delivery agent handled the encryption,
using a public key supplied by and from the user's homedir,
it would eliminate any other user on the system from
interfering with the messages. Sure, Google Mail engineers
and hacked LDAs could intercept messages on contrived
systems but, in general, once messages were encrypted
then they would be safe from further prying.

I have some users with stored messages that are over 3
years old... they use IMAP for long term message storage
and this idea would particularly suit them. They are also
the ones that use SSL and stored calendars (using Kontact).

> Something like this is properly handled in the mail client, which would
> encrypt the messages before sending them to the server. OpenPGP is a
> perfectly working standard, for this.


I disagree because there is no way anyone can ensure general
incoming mail from a wide range of sources would be encrypted
by the sender. Widespread general use of PGP may never happen.

PGP would be reasonable in a situation where a user pulls
their mail via POP, then PGP encrypts it locally and then
re-uploads it back up to the server for storage under
another user account... but that's dumb when the LDA could
have done the encryption at the first point of the delivery
chain where the user could provide their own public key
without any active involvement by the original sender(s).

The point of this suggestion is that it doesn't require the
sender to do anything special nor the receiver to use any
special technique, or MUA, other than perhaps to use SSL
to connect to the mail server to slightly improve end to
end security.

--markc
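
Added example, not part of the post above and not Courier code: a sketch of the delivery-time step the post proposes, as a filter that wraps an incoming message in PGP/MIME (RFC 3156) using a public key found in the recipient's home directory. The key file name `.mail-pubkey.asc` and the function names are hypothetical; it assumes a GnuPG build that supports `--recipient-file` and that stored mail is later read with a PGP/MIME-capable client holding the private key.

```python
import subprocess
import sys
from email import message_from_bytes
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from pathlib import Path

KEY_NAME = ".mail-pubkey.asc"  # hypothetical file name for the user's public key


def gpg_encrypt(data: bytes, keyfile: Path) -> bytes:
    """Encrypt to the public key in keyfile; no private key exists on the server."""
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--encrypt", "--recipient-file", str(keyfile)]
    return subprocess.run(cmd, input=data, capture_output=True, check=True).stdout


def encrypt_for_storage(raw: bytes, homedir: Path, encrypt=gpg_encrypt) -> bytes:
    """Return the bytes the LDA should write into the Maildir."""
    keyfile = homedir / KEY_NAME
    msg = message_from_bytes(raw)
    # No key supplied, or the sender already encrypted: deliver unchanged.
    if not keyfile.is_file() or msg.get_content_type() == "multipart/encrypted":
        return raw
    # Inner entity: the original Content-* headers plus the body.
    inner = message_from_bytes(raw)
    for name in set(inner.keys()):
        if not name.lower().startswith("content-"):
            del inner[name]
    armored = encrypt(inner.as_bytes(), keyfile).decode("ascii")
    # Outer PGP/MIME wrapper. From, To, Subject, Received and the like stay
    # in clear text, so envelope metadata is not protected by this scheme.
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in msg.items():
        if not name.lower().startswith(("content-", "mime-version")):
            outer[name] = value
    control = MIMEBase("application", "pgp-encrypted")
    control.set_payload("Version: 1\n")
    body = MIMEBase("application", "octet-stream")
    body.set_payload(armored)
    outer.attach(control)
    outer.attach(body)
    return outer.as_bytes()


if __name__ == "__main__":  # filter mode: message on stdin, result on stdout
    sys.stdout.buffer.write(encrypt_for_storage(sys.stdin.buffer.read(), Path.home()))
```

The message is still plain text on the server up to the moment this filter runs, and the headers remain readable afterwards; only the body and attachments at rest are covered.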
