Re: crypto mailbox
On Thu, 21 Apr 2005, Natalino Picone wrote:

> Hi all,
> I was wondering if there is a way to crypt the user mail spool in order to avoid that other users (root included) can read the user mailbox content.
> Something like gpg encryption on the mail file.
> Any idea?

I had an idea for this where basically you'd put a public key into an annotation on a mailbox, and all mail payloads (not the headers) would be encrypted. It breaks things like search, but has the benefit you want. But it's low on the list of things to do.

You could do similar with a sendmail milter or somesuch.

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
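The delivery-time idea in the message above (encrypt the payload to the mailbox owner's public key, leave the headers readable), as an added example that is not part of the original thread or of Cyrus. Assumptions: the names `encrypt_payload` and `gpg_encrypt` are hypothetical, the key is selected by recipient address in a local gpg keyring rather than read from a mailbox annotation, the RFC 3156 PGP/MIME wrapper is this example's choice, and messages use LF line endings with ASCII headers.

```python
import secrets
import subprocess
from email import message_from_bytes

# Headers that describe the payload; they travel inside the encrypted part.
PAYLOAD_HEADERS = {"content-type", "content-transfer-encoding", "mime-version"}


def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    """Encrypt to the mailbox owner's public key with the gpg CLI (assumed installed)."""
    result = subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", recipient],
        input=plaintext, capture_output=True, check=True)
    return result.stdout


def encrypt_payload(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return raw with its body replaced by an RFC 3156 multipart/encrypted body.

    Only the public key is needed here, so the server never holds a decryption key.
    """
    head, _, body = raw.partition(b"\n\n")
    headers = message_from_bytes(head + b"\n\n").items()
    if any(n.lower() == "content-type" and "multipart/encrypted" in str(v).lower()
           for n, v in headers):
        return raw  # the sender already encrypted it; do not wrap twice
    outer, inner = [], []
    for name, value in headers:
        (inner if name.lower() in PAYLOAD_HEADERS else outer).append(
            f"{name}: {value}\n".encode("ascii", "surrogateescape"))
    # The inner MIME entity (payload headers + body) is what gets encrypted.
    ciphertext = encrypt(b"".join(inner) + b"\n" + body, recipient)
    bnd = ("enc" + secrets.token_hex(12)).encode()
    return b"".join(outer) + b"".join([
        b"MIME-Version: 1.0\n",
        b'Content-Type: multipart/encrypted; boundary="' + bnd + b'";\n',
        b' protocol="application/pgp-encrypted"\n\n',
        b"--" + bnd + b"\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n",
        b"--" + bnd + b"\nContent-Type: application/octet-stream\n\n",
        ciphertext.rstrip(b"\n") + b"\n",
        b"--" + bnd + b"--\n"])
```

From, To, Subject and the other headers stay readable so the server can still list and sort the mailbox, while body search stops working; the cleartext still exists up to the moment this function runs.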
RE: crypto mailbox
On Fri, 22 Apr 2005, Jason Huddleston wrote:

> Why don't they use PGP for messages of this importance???

I can't control the sender's use of PGP.

(the excerpted bit from me which your mail client did something weird with instead of quoting follows:)

> To be honest my target was more along the line of Sam Weiler's worries, namely, for people who are paranoid a warrant will show up and their machine will walk away. Presumably there's still the wiretap equivalent problem (someone gets a copy of the data before it's encrypted) but if it went over the wire in the clear you already have that problem. This only precludes the bits from being available at a later time, not any time up until they're encrypted.
RE: crypto mailbox
Why don't they use PGP for messages of this importance???

--
Jason Huddleston, CCSA
Assistant Coordinator Internet Services and Security
Ozarks Technical Community College
[EMAIL PROTECTED]
417-447-7532

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derrick J Brashear
Sent: Friday, April 22, 2005 1:46 PM
To: info-cyrus@lists.andrew.cmu.edu
Subject: Re: crypto mailbox

On Fri, 22 Apr 2005, Cyrus Daboo wrote:

> Hi Derrick,
>
> []
> Even with that there is still a 'window of opportunity' in which the clear text message data exists somewhere on the machine (in a temp file, resident in memory etc) and root will likely be able to get to it. The bottom line is

To be honest my target was more along the line of Sam Weiler's worries, namely, for people who are paranoid a warrant will show up and their machine will walk away. Presumably there's still the wiretap equivalent problem (someone gets a copy of the data before it's encrypted) but if it went over the wire in the clear you already have that problem. This only precludes the bits from being available at a later time, not any time up until they're encrypted.
Re: crypto mailbox
On Fri, 22 Apr 2005, Cyrus Daboo wrote:

> Hi Derrick,
>
> []
> Even with that there is still a 'window of opportunity' in which the clear text message data exists somewhere on the machine (in a temp file, resident in memory etc) and root will likely be able to get to it. The bottom line is

To be honest my target was more along the line of Sam Weiler's worries, namely, for people who are paranoid a warrant will show up and their machine will walk away. Presumably there's still the wiretap equivalent problem (someone gets a copy of the data before it's encrypted) but if it went over the wire in the clear you already have that problem. This only precludes the bits from being available at a later time, not any time up until they're encrypted.
Re: crypto mailbox
On Thu, Apr 21, 2005 at 11:11:48PM +0200, Natalino Picone wrote:

> Hi all,
> I was wondering if there is a way to crypt the user mail spool in order to avoid that other users (root included) can read the user mailbox content.
> Something like gpg encryption on the mail file.
> Any idea?

This means the cyrus-imap server would need access to the necessary key to decrypt the mailbox's contents before sending them to the client. And root would have access to that key as well. This would only work to avoid accidental email readings done by root.

The best way is to make the user encrypt his/her own emails whenever needed.