encrypt the sent folder

Eray Aslan eray.aslan at caf.com.tr
Wed Dec 6 08:45:47 CET 2006


Todd Zullinger wrote:
> Eray Aslan wrote:
>> Surely there must be a better way.  These all require admin access
>> to the IMAP server.  The software already does what I want some of
>> the time (when I send the recipient encrypted email).  I just want
>> it to do it all the time.
> 
> This doesn't seem like an entirely unreasonable feature request to make of
> Enigmail.  Perhaps you'd want to check in with the Enigmail folks to
> see if they would consider adding such a feature?  It has some
> potential to be useful but it might be icky to implement.

I thought it was a mis-configuration on my part.

> Obviously, if you send a message unencrypted but store it encrypted,
> you won't really have an accurate record of your sent mail.  The
> headers and MIME parts will be different.  Some people prefer that
> what's in their sent mailbox be exactly equal to what was sent.
> (Pedants. :)

Fair enough.

> I am curious though, what particular threats are you concerned about?
> That might help shape what options would be best to take.
> 
> If you don't trust the IMAP server admins, then you should store your
> mail somewhere you do trust.

Nope. I am the admin.

> If you are worried about someone cracking the server and getting at
> your sent messages then encryption on the server may be sufficient,
> but would involve either changes to your mail client or some other sort
> of access to your mailbox on the server.

The servers in question already have encryption at the file system level
with cryptsetupLUKS for Linux and TrueCrypt for Windows boxes.   But the
trouble is these do not provide any defense against attacks through the
network.  They will happily serve the emails thru the network to the
appropriate user when asked.  FS encryption is only good at boot time.
Once the partition is mounted, you can access the data.

I can give the end users a smartcard or a USB stick.  The objective is
to provide a solution so that not even the admin can read the emails
(say by changing the password and logging in as the user) unless he/she
has the secret key.

-- 
Eray
