gnupg encrypted mail and malware/spam
Thomas Scheffczyk
thomas.scheffczyk@verwaltung.uni-mainz.de
Sat May 10 20:14:02 2003
Hello all,

I don't know if this topic was discussed before, my searches in the list archive were not successful, but perhaps I used just the wrong keywords.

Here is my problem:

If gnupg is used to protect mail messages it also disables all server-based protection measures against malware and spam. No virus scanner or spam filter on firewalls or gateways can check the encrypted messages. All protection is to be done on the host where the mail is decrypted. At least for bigger networks this is nearly impossible to do: No system administrator will be happy if most of the defence lines will be unusable, and without doubt it needs a lot more manpower to secure all local workstations to a level comparable with a firewall.

I guess that this problem is very sensitive, especially in the gnupg community, because standard solutions would be key escrowing or automatic co-encryption with corporate keys.

Gnupg is used for various tasks within the network I'm responsible for and I really want to give all users access to gnupg to allow them to protect their privacy and the data that is transferred by mail, but I can't risk the security and integrity of the network itself.

Any solutions, hints, positive and even negative experience with this or similar problems are very much desired.

TIA

Thomas

PS: I do not fear 'ordinary' viruses or other malware. What I really fear is a sophisticated attacker that sends backdoors at a very slow rate to single users in my network. I cannot guarantee that really no user will start the program. If it is started, it's easy to create a backchannel over allowed traffic like http.

PPS: I hope that I don't wake sleeping dogs, but what would happen if spammers would start to send encrypted messages? All countermeasures like spamassassin or even statistical token analysis wouldn't stop this kind of spam.
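An added illustration of the problem raised in this message (not part of the original post): a gateway can at least tell which messages its scanners cannot read, so those can be tagged for inspection on the host that decrypts them. The function name `scanner_visibility` and the sample messages are constructed for this example; signed-only PGP/MIME mail stays readable, while PGP/MIME-encrypted and inline-armored mail does not.

```python
import email

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def scanner_visibility(raw: bytes) -> str:
    """Return 'encrypted-mime', 'encrypted-inline', 'signed' or 'clear'."""
    signed = False
    for part in email.message_from_bytes(raw).walk():
        ctype = part.get_content_type()
        proto = str(part.get_param("protocol") or "").lower()
        if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
            return "encrypted-mime"      # PGP/MIME (RFC 3156): content is opaque
        if ctype == "multipart/signed" and proto == "application/pgp-signature":
            signed = True                # signed only: content is still readable
        if part.is_multipart():
            continue                     # containers carry no payload of their own
        if ARMOR in (part.get_payload(decode=True) or b""):
            return "encrypted-inline"    # ASCII-armored ciphertext in a leaf part
    return "signed" if signed else "clear"

# Constructed sample messages (placeholders, no real ciphertext or signatures).
CLEAR = b"Content-Type: text/plain\n\nHello all,\n"
INLINE = b"Content-Type: text/plain\n\n" + ARMOR + b"\n(placeholder)\n"
SIGNED = (
    b'Content-Type: multipart/signed; protocol="application/pgp-signature";'
    b' boundary="b1"\n\n'
    b"--b1\nContent-Type: text/plain\n\nHello all,\n"
    b"--b1\nContent-Type: application/pgp-signature\n\n(placeholder)\n--b1--\n"
)
ENCRYPTED = (
    b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    b' boundary="b2"\n\n'
    b"--b2\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    b"--b2\nContent-Type: application/octet-stream\n\n"
    + ARMOR + b"\n(placeholder)\n--b2--\n"
)

if __name__ == "__main__":
    for name, raw in [("clear", CLEAR), ("inline", INLINE),
                      ("signed", SIGNED), ("encrypted", ENCRYPTED)]:
        print(f"{name:10s} -> {scanner_visibility(raw)}")
```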