On 01/04/2018 02:08 PM, Kristian Fiskerstrand wrote:
> no, there isn't necessarily a client plugin, the gateway decrypts the
> message before it hits the internal email server, so end-user sees
> un-encrypted message, this is protecting transport, but security of
> on-site is ensured through different channels

I see. The gateway solution is contradictory to my end-to-end email security goal, which requires that only the end user can use his own private key. The gateway is a total disaster if the gateway is breached.

> I don't see this as disagreeing, this means you don't have any benefit
> from storing the email in encrypted form once it hits the corporate
> network, so you're better off decrypting it at gateway anyways.
>

I guess that you missed the auditing key part. I introduced it to meet auditing requirements or scanning of messages without using end user's private keys.

Thanks,
Lou