On Thu, Jan 06, 2011 at 12:54:57PM +0100, Christian Felsing wrote:
> On 04.01.2011 07:38, to...@tuxteam.de wrote:
> > The idea upthread (Jan-Frode) to keep a public key server-side and
> > encrypt messages on arrival seems to me the way to go.
>
> I would support that idea. Private key should be encrypted with user's
> passphrase. If user changes password private key needs to be decrypted
> with old password and reencrypted with new password.

Hm. I think I didn't express my idea correctly. The decryption has to
happen client-side if it is to be of any worth, IMO.

> Public key never changes, so maildir is never required to be touched, if
> user changes password and server does not need to know user's secret to
> receive mail.
>
> I would wish that Timo would consider to implement required functions to
> plugin API, so such a plugin would be possible without massive patching
> Dovecot source code.

As Timo said downthread, there is already such a plugin, but... this
would support decryption server-side (which IMO would be wrong anyway).

For client-side decryption, the infrastructure is (almost) completely
there. GPG for the client (and encryption on delivery -- but every
delivery agent I know of has some hooks for filtering messages).

Regards
-- tomás
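
The encryption-on-delivery half of the setup discussed in this message, sketched as a filter a delivery agent could pipe mail through; this is an added example, not code from the thread or from Dovecot. It assumes the user's public key is already in the server's GnuPG keyring, and the function names and command-line usage are hypothetical.

```python
"""Delivery-time filter: wrap incoming mail in PGP/MIME using only a public key."""
import subprocess
import sys
from email import message_from_bytes
from email.message import Message
from email.mime.multipart import MIMEMultipart

# Headers that describe the body; they travel inside the encrypted part.
BODY_HEADERS = ("content-type", "content-transfer-encoding", "content-disposition")

def gpg_encrypt(data: bytes, recipient: str) -> bytes:
    """Encrypt to the mailbox owner's public key; the server holds no secret key."""
    # Assumption: the key was imported and vetted beforehand, hence trust-model always.
    cmd = ["gpg", "--batch", "--armor", "--trust-model", "always",
           "--encrypt", "--recipient", recipient]
    return subprocess.run(cmd, input=data, capture_output=True, check=True).stdout

def _part(content_type: str, payload: str) -> Message:
    part = Message()
    part["Content-Type"] = content_type
    part.set_payload(payload)
    return part

def encrypt_on_delivery(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    msg = message_from_bytes(raw)
    if msg.get_content_type() == "multipart/encrypted":
        return raw  # already encrypted by the sender; leave untouched
    inner = Message()  # the original body plus the headers that describe it
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in msg.items():
        if name.lower() in BODY_HEADERS:
            inner[name] = value
        elif name.lower() != "mime-version":  # MIMEMultipart already set one
            outer[name] = value  # routing headers stay readable on the server
    inner.set_payload(msg.get_payload())
    armored = encrypt(inner.as_bytes(), recipient).decode("ascii")
    # RFC 3156 layout: a control part, then the ciphertext part.
    outer.attach(_part("application/pgp-encrypted", "Version: 1\n"))
    outer.attach(_part("application/octet-stream", armored))
    return outer.as_bytes()

if __name__ == "__main__":
    # Hypothetical filter-hook usage: filter.py KEYID < message > encrypted
    sys.stdout.buffer.write(encrypt_on_delivery(sys.stdin.buffer.read(), sys.argv[1]))
```

Only the body is protected: From, To, Subject and the other outer headers stay in cleartext in the maildir, and the matching secret key never needs to exist on the server.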