Re: Webmail like Gmail + encryption
I am hosting my domain on a unaltered NSLU2 ( http://en.wikipedia.org/wiki/NSLU2 ) (32MB ram + external 2GB via USB2) running debian i have lighttpd + ssl for web using it i have squirrelmail for webmail i have dropbear for ssh server have svn via svn+ssh exim4 as mail server courier-imap for ssled imap fetchmail to fetch the mail from an external multidrop box. for encription/security: 1. smtp port not open for incoming mail, instead i have my domain registrar hold a multidrop box, which i pop using fetchmail 2. email clients can acess either from ssl-imap or webmail 3. outgoing smtp is directed to my ISP 4. svn is running via ssh (i would have preffered using https, but it needs apache, which will be to heavy, maybe i'll change it when i solder a bigger memory chip) 5. backup is done via rsnapshot (via ssh) hopes this helps, erez. On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir
Re: Webmail like Gmail + encryption
Another approach is to use VPN for all work related internal data exchange. the data will be encrypted. it will be transparent to the user, and the mail servers won't have to suffer encrypting overhead. Can you still define the answers to Danny's questions? On 8/14/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir What is the threat, who is the attacker and what is the asset you are protecting? There is little reason to encrypt internal email in my experience. Let's say that Mike in sales has an insider tip on company stock options and he wants to tell Yael in HR. Encryption doesn't mitigate that threat. Let's say that Yossi has a secret algorithm he wants to sell to the dark side. Encrypting internal email won't mitigate that threat either. If there are confidential files being sent by email to external destinations - encrypt the files and give the key to the recipient. BUT - If you're concerned about information leakage then your cheapest and most effective countermeasure is monitoring email transmission for particular data types and destinations. Danny On 8/14/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi Danny, I want to encrypt inside company emails. I thought about building a mail server with webmail and a plugin for encryption. Most of the use of the webmail interface will be from known computers. The amount of emails will be at a hundreds. But I need to keep the private key at each user hand. I'm thinking to pass the encryption, I don't want it to be a burden. On 8/13/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir What exactly are you trying to achieve by encrypting email - are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or do you want to encrypt the message repository and protect it from attackers? Before you start applying encryption as a panacea do a little threat analysis first. Ask yourself - what assets are you trying to protect, what are the threats and what are your vulnerabilities. My experience with extrusion prevention with a fair number of customers has shown the following: a. It's better to use outgoing email in clear text because 1) you can monitor what people are doing and 2) having a business partner decrypt/encrypt is generally a pain in the ass that is greater than the value of the business transaction. b. If you have high-value business communications between your company and vendors - you are better off just encrypting the file (for example a sensitive contract or product design doc) and sending the encrypted attachment. This will enable you to monitor who is sending and who is receiving and with the right monitoring system - you will be able to detect that an encrypted file was sent which is interesting information in it's own right. Read my blog entry on this topic http://www.software.co.il/blog/2007/06/secure_communications_without_1.html Best regards Danny On 8/10/07, Kfir Lavi [EMAIL PROTECTED] wrote: Danny, Google apps is exactly what I'm trying to avoid :-) What did you mean by You don't want to get involved in encrypted mail on your lonesome.? On 8/10/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir The best bet for you is Google Applications - surf to www.google.com/a You don't want to get involved in encrypted mail on your lonesome. danny On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114 -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor
Re: Webmail like Gmail + encryption
Not that I've ever tried it, but I just stumbled across this: http://firegpg.tuxfamily.org/ It adds GPG support to gmail via firefox... including inserting extra buttons into the gmail interface. Gadi Kfir Lavi wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Gadi Cohen aka Kinslayer [EMAIL PROTECTED] www.wastelands.net Freelance admin/coding/design HABONIM DROR linux/fantasy enthusiast KeyID 0x93F26EF5: 256A 1FC7 AA2B 6A8F 1D9B 6A5A 4403 F34B 93F2 6EF5
Re: Webmail like Gmail + encryption
Hi Danny, I want to encrypt inside company emails. I thought about building a mail server with webmail and a plugin for encryption. Most of the use of the webmail interface will be from known computers. The amount of emails will be at a hundreds. But I need to keep the private key at each user hand. I'm thinking to pass the encryption, I don't want it to be a burden. On 8/13/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir What exactly are you trying to achieve by encrypting email - are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or do you want to encrypt the message repository and protect it from attackers? Before you start applying encryption as a panacea do a little threat analysis first. Ask yourself - what assets are you trying to protect, what are the threats and what are your vulnerabilities. My experience with extrusion prevention with a fair number of customers has shown the following: a. It's better to use outgoing email in clear text because 1) you can monitor what people are doing and 2) having a business partner decrypt/encrypt is generally a pain in the ass that is greater than the value of the business transaction. b. If you have high-value business communications between your company and vendors - you are better off just encrypting the file (for example a sensitive contract or product design doc) and sending the encrypted attachment. This will enable you to monitor who is sending and who is receiving and with the right monitoring system - you will be able to detect that an encrypted file was sent which is interesting information in it's own right. Read my blog entry on this topic http://www.software.co.il/blog/2007/06/secure_communications_without_1.html Best regards Danny On 8/10/07, Kfir Lavi [EMAIL PROTECTED] wrote: Danny, Google apps is exactly what I'm trying to avoid :-) What did you mean by You don't want to get involved in encrypted mail on your lonesome.? On 8/10/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir The best bet for you is Google Applications - surf to www.google.com/a You don't want to get involved in encrypted mail on your lonesome. danny On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114 -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114
Re: Webmail like Gmail + encryption
Kfir What is the threat, who is the attacker and what is the asset you are protecting? There is little reason to encrypt internal email in my experience. Let's say that Mike in sales has an insider tip on company stock options and he wants to tell Yael in HR. Encryption doesn't mitigate that threat. Let's say that Yossi has a secret algorithm he wants to sell to the dark side. Encrypting internal email won't mitigate that threat either. If there are confidential files being sent by email to external destinations - encrypt the files and give the key to the recipient. BUT - If you're concerned about information leakage then your cheapest and most effective countermeasure is monitoring email transmission for particular data types and destinations. Danny On 8/14/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi Danny, I want to encrypt inside company emails. I thought about building a mail server with webmail and a plugin for encryption. Most of the use of the webmail interface will be from known computers. The amount of emails will be at a hundreds. But I need to keep the private key at each user hand. I'm thinking to pass the encryption, I don't want it to be a burden. On 8/13/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir What exactly are you trying to achieve by encrypting email - are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or do you want to encrypt the message repository and protect it from attackers? Before you start applying encryption as a panacea do a little threat analysis first. Ask yourself - what assets are you trying to protect, what are the threats and what are your vulnerabilities. My experience with extrusion prevention with a fair number of customers has shown the following: a. It's better to use outgoing email in clear text because 1) you can monitor what people are doing and 2) having a business partner decrypt/encrypt is generally a pain in the ass that is greater than the value of the business transaction. b. If you have high-value business communications between your company and vendors - you are better off just encrypting the file (for example a sensitive contract or product design doc) and sending the encrypted attachment. This will enable you to monitor who is sending and who is receiving and with the right monitoring system - you will be able to detect that an encrypted file was sent which is interesting information in it's own right. Read my blog entry on this topic http://www.software.co.il/blog/2007/06/secure_communications_without_1.html Best regards Danny On 8/10/07, Kfir Lavi [EMAIL PROTECTED] wrote: Danny, Google apps is exactly what I'm trying to avoid :-) What did you mean by You don't want to get involved in encrypted mail on your lonesome.? On 8/10/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir The best bet for you is Google Applications - surf to www.google.com/a You don't want to get involved in encrypted mail on your lonesome. danny On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114 -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3
Re: Webmail like Gmail + encryption
Kfir What exactly are you trying to achieve by encrypting email - are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or do you want to encrypt the message repository and protect it from attackers? Before you start applying encryption as a panacea do a little threat analysis first. Ask yourself - what assets are you trying to protect, what are the threats and what are your vulnerabilities. My experience with extrusion prevention with a fair number of customers has shown the following: a. It's better to use outgoing email in clear text because 1) you can monitor what people are doing and 2) having a business partner decrypt/encrypt is generally a pain in the ass that is greater than the value of the business transaction. b. If you have high-value business communications between your company and vendors - you are better off just encrypting the file (for example a sensitive contract or product design doc) and sending the encrypted attachment. This will enable you to monitor who is sending and who is receiving and with the right monitoring system - you will be able to detect that an encrypted file was sent which is interesting information in it's own right. Read my blog entry on this topic http://www.software.co.il/blog/2007/06/secure_communications_without_1.html Best regards Danny On 8/10/07, Kfir Lavi [EMAIL PROTECTED] wrote: Danny, Google apps is exactly what I'm trying to avoid :-) What did you mean by You don't want to get involved in encrypted mail on your lonesome.? On 8/10/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir The best bet for you is Google Applications - surf to www.google.com/a You don't want to get involved in encrypted mail on your lonesome. danny On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114 -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114
Re: Webmail like Gmail + encryption
How about GPG, or PGP? On 8/13/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir What exactly are you trying to achieve by encrypting email - are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or do you want to encrypt the message repository and protect it from attackers? Before you start applying encryption as a panacea do a little threat analysis first. Ask yourself - what assets are you trying to protect, what are the threats and what are your vulnerabilities. My experience with extrusion prevention with a fair number of customers has shown the following: a. It's better to use outgoing email in clear text because 1) you can monitor what people are doing and 2) having a business partner decrypt/encrypt is generally a pain in the ass that is greater than the value of the business transaction. b. If you have high-value business communications between your company and vendors - you are better off just encrypting the file (for example a sensitive contract or product design doc) and sending the encrypted attachment. This will enable you to monitor who is sending and who is receiving and with the right monitoring system - you will be able to detect that an encrypted file was sent which is interesting information in it's own right. Read my blog entry on this topic http://www.software.co.il/blog/2007/06/secure_communications_without_1.html Best regards Danny On 8/10/07, Kfir Lavi [EMAIL PROTECTED] wrote: Danny, Google apps is exactly what I'm trying to avoid :-) What did you mean by You don't want to get involved in encrypted mail on your lonesome.? On 8/10/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir The best bet for you is Google Applications - surf to www.google.com/a You don't want to get involved in encrypted mail on your lonesome. danny On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114 -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Webmail like Gmail + encryption
Michael GPG is pretty good and you can use it with kmail (in kde) or as a plugin (enigmail) with Thunderbird. I think there is a plugin for Squirrelmail and then there are plugins for postfix and qmail-scanner if you use one of those guys Personally - I like to figure out my risk and then compare it to how much it will cost me to setup a countermeasure (like encryption) and maintain it. - what are you trying to achieve ? You have to identify the threats and vulnerabilities of your email and then work to mitigate the risk. For example if you are exchanging non-sensitive information with customers why bother encrypting at all? If you have notebooks - you should definitely be worried that one of them might be lost or stolen and then you might have trouble For that - look at TrueCrypt- and definitely stay away from Aliroo which is a piece of sh-t. Read my blog entry on this topic http://www.software.co.il/blog/2007/06/secure_communications_without_1.html Best regards Danny On 8/13/07, Michael Tewner [EMAIL PROTECTED] wrote: How about GPG, or PGP? On 8/13/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir What exactly are you trying to achieve by encrypting email - are you trying to encrypt business communications between employees and vendors/customers to protect from eavesdroppers or do you want to encrypt the message repository and protect it from attackers? Before you start applying encryption as a panacea do a little threat analysis first. Ask yourself - what assets are you trying to protect, what are the threats and what are your vulnerabilities. My experience with extrusion prevention with a fair number of customers has shown the following: a. It's better to use outgoing email in clear text because 1) you can monitor what people are doing and 2) having a business partner decrypt/encrypt is generally a pain in the ass that is greater than the value of the business transaction. b. If you have high-value business communications between your company and vendors - you are better off just encrypting the file (for example a sensitive contract or product design doc) and sending the encrypted attachment. This will enable you to monitor who is sending and who is receiving and with the right monitoring system - you will be able to detect that an encrypted file was sent which is interesting information in it's own right. Read my blog entry on this topic http://www.software.co.il/blog/2007/06/secure_communications_without_1.html Best regards Danny On 8/10/07, Kfir Lavi [EMAIL PROTECTED] wrote: Danny, Google apps is exactly what I'm trying to avoid :-) What did you mean by You don't want to get involved in encrypted mail on your lonesome.? On 8/10/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir The best bet for you is Google Applications - surf to www.google.com/a You don't want to get involved in encrypted mail on your lonesome. danny On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114 -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114 -- Danny Lieberman Reduce risk with practical threat analysis- visit us
Re: Webmail like Gmail + encryption
Kfir The best bet for you is Google Applications - surf to www.google.com/a You don't want to get involved in encrypted mail on your lonesome. danny On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114
Re: Webmail like Gmail + encryption
Danny, Google apps is exactly what I'm trying to avoid :-) What did you mean by You don't want to get involved in encrypted mail on your lonesome.? On 8/10/07, Danny Lieberman [EMAIL PROTECTED] wrote: Kfir The best bet for you is Google Applications - surf to www.google.com/a You don't want to get involved in encrypted mail on your lonesome. danny On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com All things being equal, the simplest solution tends to be the best one. Occam's razor www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114
Re: Webmail like Gmail + encryption
I know that Zimbra did a gmail clone skin to their webmail recently called Zmail. http://www.zimbra.com/blog/archives/2007/06/we_call_it_zmail.html but I haven't tried it, and I don't know how well the search works for example. also it doesn't AFAIK have the conversation mode of gmail, which is what i like most about it. On 8/9/07, Kfir Lavi [EMAIL PROTECTED] wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir
Re: Webmail like Gmail + encryption
Quoting Kfir Lavi, from the post of Thu, 09 Aug: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. webmail is done at the server, and therefore the encryption can either be done on the server (and you must use SSL at the minimum) and have the user enter the passphrase for each mail he sends and recieves or else (caching the key) is no security at all. the other option is encrypting/decrypting at the browser level (with a DoK) and that's a neucense in itself. the easiest and possibly safest is on a Portable version of Thunderbird, a local key with an S/MIME or similar extension. I have not seen an encryption solution on a webmail product that is both conveniant AND secure... one almost contradicts the other. the only GOOD solution would be a combination extension/greasemonkey script that will automatically decrypt incoming mail and force you to encrypt outgoing one at the browser's end and that also means it's accessible only from a machine that has been set up for it. -- Networking washing machines since 1999 Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Webmail like Gmail + encryption
On Thu, 2007-08-09 at 15:07 +0300, Ira Abramov wrote: Quoting Kfir Lavi, from the post of Thu, 09 Aug: Hi, I would like to keep company emails secure and encrypted. I would also want encryption. I want all the emails be encrypted automatically. I have not seen an encryption solution on a webmail product that is both conveniant AND secure... one almost contradicts the other. the only GOOD solution would be a combination extension/greasemonkey script that will automatically decrypt incoming mail and force you to encrypt outgoing one at the browser's end and that also means it's accessible only from a machine that has been set up for it. One might also say that the email is accessible on any machine where it has been setup for it, including public terminals - so its not that secure unless you have tight control of the clients, which kind of beats the point of having webmail. -- Oded = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Webmail like Gmail + encryption
Never used it but there's www.hushmail.com. Kfir Lavi wrote: Hi, I would like to keep company emails secure and encrypted. I'm looking for a webmail program that is similar to Gmail. It don't have to own all the stuff, just to be productive. I would also want encryption. I want all the emails be encrypted automatically. What is the procedure for a user? should he take with him a usb private key? I'm looking for your comments on the idea. Tnx, Kfir -- Gadi Cohen aka Kinslayer [EMAIL PROTECTED] www.wastelands.net Freelance admin/coding/design HABONIM DROR linux/fantasy enthusiast KeyID 0x93F26EF5: 256A 1FC7 AA2B 6A8F 1D9B 6A5A 4403 F34B 93F2 6EF5