encrypt the sent folder

Eray Aslan eray.aslan at caf.com.tr
Wed Dec 6 11:52:14 CET 2006


John Clizbe wrote:
> Eray Aslan wrote:
>> The servers in question already have encryption at the file system level
>> with cryptsetupLUKS for Linux and truecrypt for windows boxes.   But the
>> trouble is these do not provide any defense against attacks through the
>> network.  They will happily serve the emails thru the network to the
>> appropriate user when asked.  FS encryption is only good at boot time.
>> Once the partition is mounted, you can access the data.
> 
> Once again, this would appear to be a server configuration issue, not a GnuPG issue.

I think I am not expressing myself clearly.

> If it is possible for someone to easily spoof a user's credentials and access
> their emails, then it's an authentication issue. 

No, see below.

> If you're worried about
> eavesdropping on the wire, you want SSL or TLS to secure the link.
> 
> In the case given of IMAP, you want  IMAP + TLS or IMAP + SSL

We provide IMAP+SSL and POP3+SSL email access to our employees.  Plain
IMAP and POP3 is not provided.  SMTP is also secured.  We also provide
webmail service secured with HTTPS.  Again plain HTTP is not allowed.
This is basic stuff.  So eavesdropping on the wire is not my main
concern.  And mails are stored on IMAP servers with encrypted file systems.

This is not an authentiation issue because you can change the
authentication method at the server.  I want the emails to stay
encrypted even if the server is compromised.  I don't want anyone with
the root password to say "that is what you wrote 2 months ago" unless he
has my secret key.  And that is what GnuPG does, no?

And since all our email accounts are virtual - meaning thay don't have a
shell account, dont have a home directory and emails are stored under
the same UID at the server - I have to solve this at the MUA level.
Please tell if there is an alternative.

-- 
Eray

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20061206/e78d60f6/signature.pgp


More information about the Gnupg-users mailing list