Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: DBMail: users
Re: mail encryption
 

Index | Next | Previous | View Flat


paul at nfg

Jan 28, 2008, 12:56 AM


Views: 2723
Permalink
Re: mail encryption [In reply to]

Sim Zacks wrote:
> I've read a lot about password encryption with dbmail, but does (or can)
> dbmail support encrpytion of the actual messages?
> Our CEO and CFO are both very concerned with the idea of switching to
> IMAP because it would make it simple for the system administrators to
> read their email. They aren't as concerned with sniffers and stuff like
> that because that would require constant vigil. They are concerned that
> someone can open the mysql database (or go into the dbmailadministrator
> web front end) and query the database.
>
> I was thinking that mail clients generally support SSL, which leads me
> to believe that if the user's public key is stored on the server then
> the dbmail should be able to encrypt all messages going into his box
> before they are stored and then the client will be able to open it with
> their private key.
>
> Is something like this in place already?

yes, it's called GNU-PG, which is compatible with PGP. Most modern
clients support PGP email or S/MIME.

Really, if your CEO/CFO doesn't trust his sysadmins they should fire
them. Sysadmins have access to confidential information no matter what.

Doing on-the-fly encryption during insertion is a *bad* idea. Using
clients that use ssl/tls don't have a user-key, they have a
server-keypair only. And anyone who has access to the server keys can
decrypt both traffic and the messages stored using the server keypair.

Using the users' passwords or some other userbased secret is not an
option because emails are not stored per user. With
single-instance-storage message parts are just that: unconnected
fragments of email. They are re-assembled into readable email during
retrieval, but individual message parts can and will be part of totally
unrelated messages.

--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.n
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
https://mailman.fastxs.nl/mailman/listinfo/dbmail

Subject User Time
mail encryption sim at compulab Jan 27, 2008, 11:01 PM
    Re: mail encryption guntis at rixtel Jan 27, 2008, 11:41 PM
        Re: mail encryption sim at compulab Jan 28, 2008, 12:33 AM
            Re: mail encryption guntis at rixtel Jan 28, 2008, 1:30 AM
                RE: mail encryption jon at host-it Jan 28, 2008, 1:48 AM
    Re: mail encryption paul at nfg Jan 28, 2008, 12:56 AM
    Re: mail encryption paul at nfg Jan 28, 2008, 12:56 AM
    Re: mail encryption michael.monnerie at it-management Jan 28, 2008, 4:19 AM
    Re: mail encryption mike at mobrien Jan 28, 2008, 8:46 AM
        Re: mail encryption mluich at globalcerts Jan 28, 2008, 10:01 AM
            Re: mail encryption michael.monnerie at it-management Jan 28, 2008, 2:03 PM
                Re: mail encryption michael.monnerie at it-management Jan 28, 2008, 2:39 PM
                Re: mail encryption robert at summernetworks Jan 28, 2008, 2:50 PM
                Re: mail encryption mike at mobrien Jan 28, 2008, 9:00 PM
                    Re: mail encryption mike at mobrien Feb 4, 2008, 1:56 PM
    Re: mail encryption jake at vapourforge Jan 28, 2008, 3:23 PM
    Re: mail encryption sim at compulab Jan 28, 2008, 10:58 PM
        Re: mail encryption marc at electronics-design Jan 28, 2008, 11:48 PM
    Re: mail encryption sim at compulab Jan 29, 2008, 1:19 AM
        Re: mail encryption marc at electronics-design Jan 29, 2008, 1:30 AM
        Re: mail encryption paul at nfg Jan 29, 2008, 4:01 AM
        Re: mail encryption michael.monnerie at it-management Jan 29, 2008, 4:05 AM
            Re: mail encryption marc at electronics-design Jan 29, 2008, 4:05 AM
                Re: mail encryption sim at compulab Jan 29, 2008, 4:26 AM
                Re: mail encryption michael.monnerie at it-management Jan 29, 2008, 4:50 AM
                    Re: mail encryption davel at dsp-services Jan 29, 2008, 9:08 AM
                        Re: mail encryption sim at compulab Jan 29, 2008, 10:28 PM
                            Re: mail encryption casper at bcx Jan 30, 2008, 3:35 AM
        Re: mail encryption cloos at jhcloos Jan 29, 2008, 11:57 AM
    Re: mail encryption skraps at hushmail Mar 27, 2012, 2:10 AM

  Index | Next | Previous | View Flat
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.