Automatic encryption of stored messages

Reinaldo de Carvalho reinaldoc at gmail.com
Wed Apr 28 18:51:22 EDT 2010


On Wed, Apr 28, 2010 at 6:14 PM, Mikhail T. <mi+thun at aldan.algebra.com> wrote:
>
> The new messages arriving to the server will remain unencrypted -- no worse
> off than they are now -- until the user logs in (and provides the key).
>
> Again. Under my proposal, the server does have the key to a user's messages,
> but only while the user is logged in. Older messages of disconnected users
> are not readable even to the server's root.
>

I'm not saying this is useless, I'm pointing out flaws that everyone will
repeat for you. Go ahead, make the patch.

You're definitely on the wrong list. This is the SASL list, not the CYRUS list.

> My proposal does not solve the problem completely, but it does reduce the
> damage. This is useful.
[...]
>
> This would only give the hacker ability to access e-mails of people
> currently connecting to the server, while the exploit is ongoing. My plan --
> for the third time -- aims to protect mailboxes of those, not currently
> connected. I believe, this could be valuable in a substantial number of
> installs.
>
[...]

Employers keep the MUA open.

>>
>> Server shouldn't encrypt data. Root can do anything.
>>
>
> Both statements are wrong (as all generalizations)... I demonstrate, how the
> server can do encryption usefully -- so that even root can not decrypt it,
> until the user logs in to check their e-mail.
>

I live in a world where users are continuously connected. But it should
be useful for some smallest small setup.


> If a break-in happens, while I'm on vacation, my old e-mails weren't
> exposed. That's as useful as being able to lock my house, while I'm away,
> even if I have to open it up upon returning...
>

on vacation? lol.

> Server shouldn't encrypt data.
>
> You are now contradicting your own earlier advice (to use encrypted
> filesystem)!
>

No, I don't. I say again: "protect data from theft" (the hardware).

If you don't want to type the symmetric key at boot time to mount the
filesystem, you probably keep the asymmetric private key of the TLS
connection unencrypted (at least TLS is active?). This proves that
you don't take the encryption seriously and are just speculating ideas.
Please, make the patch to prove that I am wrong.

-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"Don't try to adapt the software to the way you work, but rather
yourself to the way the software works" (myself)
