Mailing List Archive

mail encryption
I've read a lot about password encryption with dbmail, but does (or can)
dbmail support encrpytion of the actual messages?
Our CEO and CFO are both very concerned with the idea of switching to
IMAP because it would make it simple for the system administrators to
read their email. They aren't as concerned with sniffers and stuff like
that because that would require constant vigil. They are concerned that
someone can open the mysql database (or go into the dbmailadministrator
web front end) and query the database.

I was thinking that mail clients generally support SSL, which leads me
to believe that if the user's public key is stored on the server then
the dbmail should be able to encrypt all messages going into his box
before they are stored and then the client will be able to open it with
their private key.

Is something like this in place already?

Thank you
Sim
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
On Monday 28 January 2008 09:01:09 Sim Zacks wrote:
> I've read a lot about password encryption with dbmail, but does (or can)
> dbmail support encrpytion of the actual messages?
> Our CEO and CFO are both very concerned with the idea of switching to
> IMAP because it would make it simple for the system administrators to
> read their email. They aren't as concerned with sniffers and stuff like
> that because that would require constant vigil. They are concerned that
> someone can open the mysql database (or go into the dbmailadministrator
> web front end) and query the database.
>
> I was thinking that mail clients generally support SSL, which leads me
> to believe that if the user's public key is stored on the server then
> the dbmail should be able to encrypt all messages going into his box
> before they are stored and then the client will be able to open it with
> their private key.
>
> Is something like this in place already?
>
> Thank you
> Sim
> _______________________________________________
> DBmail mailing list
> DBmail@dbmail.org
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
>

Hello,
in MUA you can use Certificates to Sign and Encrypt mail messages. The
messages will be stored encrypted in dbmail database. So there will be no
security treat even if someone gets full read access to your database.

--
Best Regards,
Guntis Bumburs
Rixtel, SIA
www.rixtel.com
29251044
67504856
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
This is true, but if I send the CEO a message and I don't encrypt it
then it will be sitting in his dbmail account without encryption.

Sim
>
> Hello,
> in MUA you can use Certificates to Sign and Encrypt mail messages. The
> messages will be stored encrypted in dbmail database. So there will be no
> security treat even if someone gets full read access to your database.
>
>
Re: mail encryption [ In reply to ]
Sim Zacks wrote:
> I've read a lot about password encryption with dbmail, but does (or can)
> dbmail support encrpytion of the actual messages?
> Our CEO and CFO are both very concerned with the idea of switching to
> IMAP because it would make it simple for the system administrators to
> read their email. They aren't as concerned with sniffers and stuff like
> that because that would require constant vigil. They are concerned that
> someone can open the mysql database (or go into the dbmailadministrator
> web front end) and query the database.
>
> I was thinking that mail clients generally support SSL, which leads me
> to believe that if the user's public key is stored on the server then
> the dbmail should be able to encrypt all messages going into his box
> before they are stored and then the client will be able to open it with
> their private key.
>
> Is something like this in place already?

yes, it's called GNU-PG, which is compatible with PGP. Most modern
clients support PGP email or S/MIME.

Really, if your CEO/CFO doesn't trust his sysadmins they should fire
them. Sysadmins have access to confidential information no matter what.

Doing on-the-fly encryption during insertion is a *bad* idea. Using
clients that use ssl/tls don't have a user-key, they have a
server-keypair only. And anyone who has access to the server keys can
decrypt both traffic and the messages stored using the server keypair.

Using the users' passwords or some other userbased secret is not an
option because emails are not stored per user. With
single-instance-storage message parts are just that: unconnected
fragments of email. They are re-assembled into readable email during
retrieval, but individual message parts can and will be part of totally
unrelated messages.

--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.n
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
Sim Zacks wrote:
> I've read a lot about password encryption with dbmail, but does (or can)
> dbmail support encrpytion of the actual messages?
> Our CEO and CFO are both very concerned with the idea of switching to
> IMAP because it would make it simple for the system administrators to
> read their email. They aren't as concerned with sniffers and stuff like
> that because that would require constant vigil. They are concerned that
> someone can open the mysql database (or go into the dbmailadministrator
> web front end) and query the database.
>
> I was thinking that mail clients generally support SSL, which leads me
> to believe that if the user's public key is stored on the server then
> the dbmail should be able to encrypt all messages going into his box
> before they are stored and then the client will be able to open it with
> their private key.
>
> Is something like this in place already?

yes, it's called GNU-PG, which is compatible with PGP. Most modern
clients support PGP email or S/MIME.

Really, if your CEO/CFO doesn't trust his sysadmins they should fire
them. Sysadmins have access to confidential information no matter what.

Doing on-the-fly encryption during insertion is a *bad* idea. Using
clients that use ssl/tls don't have a user-key, they have a
server-keypair only. And anyone who has access to the server keys can
decrypt both traffic and the messages stored using the server keypair.

Using the users' passwords or some other userbased secret is not an
option because emails are not stored per user. With
single-instance-storage message parts are just that: unconnected
fragments of email. They are re-assembled into readable email during
retrieval, but individual message parts can and will be part of totally
unrelated messages.

--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.n

_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
On Monday 28 January 2008 10:33:59 Sim Zacks wrote:
> This is true, but if I send the CEO a message and I don't encrypt it
> then it will be sitting in his dbmail account without encryption.
There should be some company's security politics concerning security sensitive
information. So all your users and business partners would use Certificate or
PGP encryption for sensitive data.

The whole system security level is determined by the lowest security level of
its component.

when someone sends you clear text email it travels across internet in clear
text. So this is your problem.

>
> Sim
> >
> > Hello,
> > in MUA you can use Certificates to Sign and Encrypt mail messages. The
> > messages will be stored encrypted in dbmail database. So there will be no
> > security treat even if someone gets full read access to your database.
> >
> >
>
>



--
Best Regards,
Guntis Bumburs
Rixtel, SIA
www.rixtel.com
29251044
67504856
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
RE: mail encryption [ In reply to ]
If your CEO is concerned he should be using PGP, as Paul suggested.

It's not the job of the storage engine/mta to encrypt messages for storage.

Jon

-----Original Message-----
From: dbmail-bounces@dbmail.org [mailto:dbmail-bounces@dbmail.org] On Behalf
Of Guntis Bumburs
Sent: 28 January 2008 09:30
To: DBMail mailinglist
Subject: Re: [Dbmail] mail encryption

On Monday 28 January 2008 10:33:59 Sim Zacks wrote:
> This is true, but if I send the CEO a message and I don't encrypt it
> then it will be sitting in his dbmail account without encryption.
There should be some company's security politics concerning security
sensitive
information. So all your users and business partners would use Certificate
or
PGP encryption for sensitive data.

The whole system security level is determined by the lowest security level
of
its component.

when someone sends you clear text email it travels across internet in clear
text. So this is your problem.

>
> Sim
> >
> > Hello,
> > in MUA you can use Certificates to Sign and Encrypt mail messages. The
> > messages will be stored encrypted in dbmail database. So there will be
no
> > security treat even if someone gets full read access to your database.
> >
> >
>
>



--
Best Regards,
Guntis Bumburs
Rixtel, SIA
www.rixtel.com
29251044
67504856
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail

_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
On Montag, 28. Januar 2008 Sim Zacks wrote:
> Our CEO and CFO are both very concerned with the idea of switching to
> IMAP because it would make it simple for the system administrators to
> read their email. They aren't as concerned with sniffers and stuff
> like that because that would require constant vigil. They are
> concerned that someone can open the mysql database (or go into the
> dbmailadministrator web front end) and query the database.

How do you currently ensure nobody can read their mail?

Your bad sysadmins could
1) remote control their PCs by using a trojan
2) sniff the companies network
3) sniff the internet (which is what all the other bad guys on the
planet could easily do, of course)
4) install an alias to get a copy of all CEO mails to another box
5) and a lot of other nice things

If your sysadmins are a problem, change them. There will be no way to
prevent them from reading your mail, if they really want to - but I
believe there are many other threats that are of bigger danger.

mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846 914 666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net Key-ID: 1C1209B4
Re: mail encryption [ In reply to ]
The CEO and CFO might be surprised to learn that writing something on an
email is pretty much like writing it on the back of a postcard and
mailing it. You will not absolutely prevent electronic mail sent through
the SMTP protocol (over 20 years old) from being read by persons other
than the recipient. We have run PGP keyservers for over a decade and
never knew a system admin who could not read the mail even in a high
security environment. If there is an issue with internal administrators,
maybe the concerned CEO and CFO individuals should have email accounts
elsewhere so that only "trusted" administrators at another company or
institution can read their mail :o(

Here is a personal user's tool many people use for handling the
occasional mail security issue. http://www.canadaemails.com/encrypt.shtml
Here is another personal user's tool:
http://www.thawte.com/secure-email/personal-email-certificates/
Her is a system admin's tool: http://gnupg.org/

In all of the above cases its more of a security-blanket "therapy" than
a real security solution. The NSA, CIA, FBI and God all occasionally get
their email read by somebody other than the intended recipient.
best of luck.
Mike

Sim Zacks wrote:
> I've read a lot about password encryption with dbmail, but does (or
> can) dbmail support encrpytion of the actual messages?
> Our CEO and CFO are both very concerned with the idea of switching to
> IMAP because it would make it simple for the system administrators to
> read their email. They aren't as concerned with sniffers and stuff
> like that because that would require constant vigil. They are
> concerned that someone can open the mysql database (or go into the
> dbmailadministrator web front end) and query the database.
>
> I was thinking that mail clients generally support SSL, which leads me
> to believe that if the user's public key is stored on the server then
> the dbmail should be able to encrypt all messages going into his box
> before they are stored and then the client will be able to open it
> with their private key.
>
> Is something like this in place already?
>
> Thank you
> Sim
> _______________________________________________
> DBmail mailing list
> DBmail@dbmail.org
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
My company, Globalcerts LC (http://www.globalcerts.net) builds email
encryption appliances. Our CEO asked us if our product could do this and
we took a look. Ours won't as we only handle mail leaving the
organization and it's transport across the net, but it is possible to do.

Dbmail does not currently support encrypted storage. It is possible, but
would require extensive work on dbmail, you would still end up with the
headers in the clear in the DB, but there's no technical reason it can't
be done. I'm also sure your CEO doesn't want to have to do it himself,
Worry about key's, and hit extra buttons. That is the part that makes it
REALLY difficult. The only REAL answer is to encrypt the message at it's
source and decrypt it at it's destination. And this requires a lot more
than Dbmail can handle alone.

Michael Luich
Programmer / Systems Engineer
GlobalCerts


M. J. [Micheal] OBrien wrote:
> The CEO and CFO might be surprised to learn that writing something on
> an email is pretty much like writing it on the back of a postcard and
> mailing it. You will not absolutely prevent electronic mail sent
> through the SMTP protocol (over 20 years old) from being read by
> persons other than the recipient. We have run PGP keyservers for over
> a decade and never knew a system admin who could not read the mail
> even in a high security environment. If there is an issue with
> internal administrators, maybe the concerned CEO and CFO individuals
> should have email accounts elsewhere so that only "trusted"
> administrators at another company or institution can read their mail :o(
>
> Here is a personal user's tool many people use for handling the
> occasional mail security issue. http://www.canadaemails.com/encrypt.shtml
> Here is another personal user's tool:
> http://www.thawte.com/secure-email/personal-email-certificates/
> Her is a system admin's tool: http://gnupg.org/
>
> In all of the above cases its more of a security-blanket "therapy"
> than a real security solution. The NSA, CIA, FBI and God all
> occasionally get their email read by somebody other than the intended
> recipient.
> best of luck.
> Mike
>
> Sim Zacks wrote:
>> I've read a lot about password encryption with dbmail, but does (or
>> can) dbmail support encrpytion of the actual messages?
>> Our CEO and CFO are both very concerned with the idea of switching to
>> IMAP because it would make it simple for the system administrators to
>> read their email. They aren't as concerned with sniffers and stuff
>> like that because that would require constant vigil. They are
>> concerned that someone can open the mysql database (or go into the
>> dbmailadministrator web front end) and query the database.
>>
>> I was thinking that mail clients generally support SSL, which leads
>> me to believe that if the user's public key is stored on the server
>> then the dbmail should be able to encrypt all messages going into his
>> box before they are stored and then the client will be able to open
>> it with their private key.
>>
>> Is something like this in place already?
>>
>> Thank you
>> Sim
>> _______________________________________________
>> DBmail mailing list
>> DBmail@dbmail.org
>> https://mailman.fastxs.nl/mailman/listinfo/dbmail
> _______________________________________________
> DBmail mailing list
> DBmail@dbmail.org
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
>
>
> This email and any files transmitted with it are confidential and
> intended solely for the individual(s) or entity to whom they are
> addressed.
>
> If you have received this email in error please notify the originator
> of the message.
>
> Any views expressed in this message are those of the individual sender.
>
> This message has been scanned for Content, viruses and spam by
> GlobalCerts RiskFilter - E-mail.
> www.GlobalCerts.net
>


This email and any files transmitted with it are confidential and intended solely for the individual(s) or entity to whom they are addressed.

If you have received this email in error please notify the originator of the message.

Any views expressed in this message are those of the individual sender.

This message has been scanned for Content, viruses and spam by GlobalCerts RiskFilter - E-mail.
www.GlobalCerts.net

_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
On Montag, 28. Januar 2008 Michael luich wrote:
> The only REAL answer is to encrypt the message at it's
> source and decrypt it at it's destination. And this requires a lot
> more than Dbmail can handle alone.

Yes, and it's called PGP or GnuPG. No reason to invent something new.

mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846 914 666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net Key-ID: 1C1209B4
Re: mail encryption [ In reply to ]
On Montag, 28. Januar 2008 Michael Monnerie wrote:
> Yes, and it's called PGP or GnuPG. No reason to invent something new.

In case somebody uses Outlook and wants PGP: http://www.gpg4win.org/

mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846 914 666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net Key-ID: 1C1209B4
Re: mail encryption [ In reply to ]
On 28 Jan 2008, at 23:03, Michael Monnerie wrote:

> On Montag, 28. Januar 2008 Michael luich wrote:
>> The only REAL answer is to encrypt the message at it's
>> source and decrypt it at it's destination. And this requires a lot
>> more than Dbmail can handle alone.
>
> Yes, and it's called PGP or GnuPG. No reason to invent something new.

Or S/Mime for those who want to keep it simple as S/Mime support is
already built into most modern email clients. As for which one is
safer, I don't know.
Re: mail encryption [ In reply to ]
Sim Zacks wrote:
> I've read a lot about password encryption with dbmail, but does (or
> can) dbmail support encrpytion of the actual messages?
> Our CEO and CFO are both very concerned with the idea of switching to
> IMAP because it would make it simple for the system administrators to
> read their email. They aren't as concerned with sniffers and stuff
> like that because that would require constant vigil. They are
> concerned that someone can open the mysql database (or go into the
> dbmailadministrator web front end) and query the database.
>
> I was thinking that mail clients generally support SSL, which leads me
> to believe that if the user's public key is stored on the server then
> the dbmail should be able to encrypt all messages going into his box
> before they are stored and then the client will be able to open it
> with their private key.
>
> Is something like this in place already?
>
> Thank you
> Sim
> _______________________________________________
> DBmail mailing list
> DBmail@dbmail.org
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
\\CEO-Computer\c$\documents and
settings\CEO-Account\local-settings\microsoft\outlook\outlook.pst

yeah thats safe ;->


If you still want encryption stick the database on an encrypted
partition and call it good enough.

_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
Following this thread made me think of a little development resource
that might be helpful.

I don't know if this helps anyone but I added dbmail to our open pgp
keyserver cluster. These servers are really only intended for group use,
like for example a group of all DBMail users. If you are looking for a
list of every key on the planet, you won't find it here.

hence: dbmail.keyserver.ca
DBMail users' own keyserver.
Might be OK for some people. :o)

Learn more at: http://www.dbma.ca/keyserver/ or http://dbmail.keyserver.ca
ldap://dbmail.keyserver.ca:11371 <http://dbmail.keyserver.ca>
or
ldap://keyserver.dbma.ca:11371 <http://keyserver.dbma.ca/>

cheers,
Mike




Michael Monnerie wrote:
> On Montag, 28. Januar 2008 Michael luich wrote:
>
>> The only REAL answer is to encrypt the message at it's
>> source and decrypt it at it's destination. And this requires a lot
>> more than Dbmail can handle alone.
>>
>
> Yes, and it's called PGP or GnuPG. No reason to invent something new.
>
> mfg zmi
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> DBmail mailing list
> DBmail@dbmail.org
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
>
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
I think everyone is missing the point here.
Everyone knows that email is insecure.
Everyone knows that system administrators have to be trusted, at least
to some degree.

For the system administrator to read someone's email in our current
system, he would have to put a sniffer on and redirect a copy of the
email somewhere else. He could also log on to someone's computer and
read their email.
Those are things that we would expect a sys admin not to do.


IMAP, especially on a database, changes the picture because while the
sys admin is doing routine maintenance it is so easy and untraceable to
search for keywords (such as his name or the word salary) that even a
"trusted" system administrator will do this. When the CFO gets salary
information emailed to her, (internally, never hits the Internet) she
would like that to be not easily accessible to the system administrator.

Can he log on to her machine and read her email? Yes
Will he? Probably not.
Will he search through the database out of curiosity? Probably.

I have heard a lot of complaints in the business world that CEOs, at
least those that understand the power of the system admin, would like a
better security model. Our CEO has password protected documents on his
personal computer, so that they are harder to read. He knows that the
password can be broken by someone with Password Cracker or whatever, but
that involves putting in effort, not just curiosity.
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
>
>
> IMAP, especially on a database, changes the picture because while
> the sys admin is doing routine maintenance it is so easy and
> untraceable to search for keywords (such as his name or the word
> salary) that even a "trusted" system administrator will do this.
> When the CFO gets salary information emailed to her, (internally,
> never hits the Internet) she would like that to be not easily
> accessible to the system administrator.
>
> Can he log on to her machine and read her email? Yes
> Will he? Probably not.
> Will he search through the database out of curiosity? Probably.


Again, gnuPG or PGP should be all you need. The content will be stored
encrypted, where only the receiver is able to decrypt.

And provides the same security as your password encrypted documents.
They can be cracked if one logs onto the CEO computer.


Marc

_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
The problem is having the data encrypted as it is stored. Paul Stevens
said in one of his posts that this is a *bad* idea. Is this because of
the amount of time it would take, or is there another problem here? What
I was thinking is that if I had the encryption library on the server
then on the insert code for the messageblks table (only for non header
parts, obviously) I could call the encrypt function using the public key
of the user it is being inserted into. Then when he opens the email on
his client, his private key would open it automatically.
Then the only thing I would have to worry about is sniffers and people
accessing the computer to read email, which I am really not worried about.

Is there a reason this wouldn't work?

Sim


If I have the PGP library on the server and I call the Encrypt function
using a

> Again, gnuPG or PGP should be all you need. The content will be stored
> encrypted, where only the receiver is able to decrypt.
>
> And provides the same security as your password encrypted documents.
> They can be cracked if one logs onto the CEO computer.
>
>
> Marc

_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
On Tue, Jan 29, 2008 at 11:19:45AM +0200, Sim Zacks wrote:
> The problem is having the data encrypted as it is stored. Paul Stevens said
> in one of his posts that this is a *bad* idea. Is this because of the
> amount of time it would take, or is there another problem here? What I was
> thinking is that if I had the encryption library on the server then on the
> insert code for the messageblks table (only for non header parts,
> obviously) I could call the encrypt function using the public key of the
> user it is being inserted into. Then when he opens the email on his client,
> his private key would open it automatically.
> Then the only thing I would have to worry about is sniffers and people
> accessing the computer to read email, which I am really not worried about.

No, it just doesn't make sense to encrypt on the server, because both
public as private keys should be /on/ the server before communicating
with the client. It adds extra load, but no security.

If the private key is on the client side, only he is able to decrypt.
Communication and storage will be encrypted, without the database
application even having to know the message is encrypted. Also, you don't
have to be worried about sniffers anymore, because communication is
encrypted.

When using a /good/ email tool encryption/decryption should be done
automatically at client side, only requesting the private key password
at the user when opening it.
The CEO only has to spread a public key to his senders, and they can
(automatically using a good email client) encrypt all messages send to
him.

So generalizing:
1) Encrypting server-side is a bad idea, because it makes no sense.
2) Encrypting client-side is. Either use gnuPG or PGP.
3) Trusting sysadmins is just something you have to get over with.

Marc

_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
Sim Zacks wrote:
> The problem is having the data encrypted as it is stored. Paul Stevens
> said in one of his posts that this is a *bad* idea. Is this because of
> the amount of time it would take, or is there another problem here? What
> I was thinking is that if I had the encryption library on the server
> then on the insert code for the messageblks table (only for non header
> parts, obviously) I could call the encrypt function using the public key
> of the user it is being inserted into. Then when he opens the email on
> his client, his private key would open it automatically.

It is a bad idea imo because:
- it is bad design
- it is bad security

It is bad design because the only way to do it without breaking IMAP or even
POP3 access is by using the same key to encrypt every message part. Mail is not
stored per user. Even in 2.2 messages are accessible to other users through the
namespaces/acl feature. And in 2.3+ mimeparts are stored without any knowledge
of the messages they are part of. There is *no* way to determine which user's
key to use for a certain mime part.

It is bad security because it is bad design. No kidding. Even if you store every
message part encrypted using a serverkey, all a evil sysadmin needs to do to
grant himself access to his CEO's mailbox is by inserting a few lines in
dbmail_acl to grant himself read-access on the mailboxes of interest.

And no, I don't think peeking in user mailboxes out of curiosity is normal or
acceptable behaviour for sysadmins. It's probably a fellony in most countries.

> Then the only thing I would have to worry about is sniffers and people
> accessing the computer to read email, which I am really not worried about.
>
> Is there a reason this wouldn't work?
>
> Sim
>
>
> If I have the PGP library on the server and I call the Encrypt function
> using a
>
>> Again, gnuPG or PGP should be all you need. The content will be stored
>> encrypted, where only the receiver is able to decrypt.
>>
>> And provides the same security as your password encrypted documents.
>> They can be cracked if one logs onto the CEO computer.
>>
>>
>> Marc
>
> _______________________________________________
> DBmail mailing list
> DBmail@dbmail.org
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
>


--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
> That is what is solved by PGP: The CEO types an e-mail, his *PC*
> encrypts it and sends it to the CFO. This encrypted text is stored in
> the DB, and transferred over the Internet and all other cables
> encrypted. Only on the PC of the CFO the e-mail will be decrypted. When
> she answers, it's again encrypted on her PC and decrypted on the PC of
> the CEO. All other occurences are encrypted.

Who says the CEO as a /he/ and the CFO a /she/ ?
Maybe you've been reading their emails?


(No offence meant, just joking...)

Marc

_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
On Dienstag, 29. Januar 2008 Sim Zacks wrote:
> The problem is having the data encrypted as it is stored.

That is what is solved by PGP: The CEO types an e-mail, his *PC*
encrypts it and sends it to the CFO. This encrypted text is stored in
the DB, and transferred over the Internet and all other cables
encrypted. Only on the PC of the CFO the e-mail will be decrypted. When
she answers, it's again encrypted on her PC and decrypted on the PC of
the CEO. All other occurences are encrypted.

PGP is save, and has proven security over decades, and is pretty much
standard stuff. Or, as Robert pointed out, S/MIME is mostly the same,
supported by MS Outlook out of the box. I prefer PGP, ymmv.

mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846 914 666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net Key-ID: 1C1209B4
Re: mail encryption [ In reply to ]
Actually, in my messages I have referred to the CEO as a him and the CFO
as a her. Not because of any malicious stereotypes or anything, just
that's the way it is in the organization I work for.

sim
> Who says the CEO as a /he/ and the CFO a /she/ ?
> Maybe you've been reading their emails?
>
>
> (No offence meant, just joking...)
>
> Marc
>
> _______________________________________________
> DBmail mailing list
> DBmail@dbmail.org
> https://mailman.fastxs.nl/mailman/listinfo/dbmail
>
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: mail encryption [ In reply to ]
On Dienstag, 29. Januar 2008 Marc Dirix wrote:
> Who says the CEO as a /he/ and the CFO a /she/ ?
> Maybe you've been reading their emails?

Of course, I was just looking for Al-Quaida terroristic plans. You know,
in the USA everything against terrorism is explicitly allowed, ask the
DOHS.

/* just kidding also, I'm from Europe */

mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846 914 666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net Key-ID: 1C1209B4
Re: mail encryption [ In reply to ]
So, I'm just throwing this out there, are you looking for
true encryption, or just an obfuscation? For example could
you do a rot13 or something equivalent? Sure it's not real
security, and it's easily enough worked around, i.e.
instead of searching for 'salary' I'd search for the rot13
value of 'salary'. But maybe it's an extra step that would
make them (the management) feel more secure. And isn't that
what this is really about?
dave


--

Dave Logan
http://www.digitalcoven.com/

"Do let's pretend that I'm a hungry hyena, and you're a bone!"
- Alice
_______________________________________________
DBmail mailing list
DBmail@dbmail.org
https://mailman.fastxs.nl/mailman/listinfo/dbmail

1 2  View All