encrypt the sent folder

Todd Zullinger tmz at pobox.com
Wed Dec 6 10:21:53 CET 2006


Eray Aslan wrote:
> I thought it was a mis-configuration on my part.

Nope.  As John pointed out this is simply not feasible to do from
within Enigmail based on the way it has to interact with Thunderbird.

>> If you don't trust the IMAP server admins, then you should store
>> your mail somewhere you do trust.
> 
> Nope. I am the admin.

I'll assume that means you trust you.  ;-)

>> If you are worried about someone cracking the server and getting at
>> your sent messages then encryption on the server may be sufficient,
>> but would involve either changes to you mail client or some other
>> sort of access to your mailbox on the server.
> 
> The servers in question already has encryption at the file system
> level with cryptsetupLUKS for Linux and truecrypt for windows boxes.
> But the trouble is these do not provide any defense against attacks
> through the network.  They will happily serve the emails thru the
> network to the appropriate user when asked.  FS encryption is only
> good at boot time.  Once the partition is mounted, you can access
> the data.

True.  An encrypted FS that's always mounted isn't too secure.

> I can give the end users a smartcard or a usb stick.  The objective
> is to provide a solution so that not even the admin can read the
> emails

Well, as I understand your original query, you're looking to get
security on the sent messages that are not encrypted to the recipient.
In that case, the message goes out via IMAP and SMTP on the server and
thus the admin could just grab a copy somewhere in that process.
That'd be a lot easier to do than trying to crack the gpg encrypted
message in your sent mailbox.

ISTM that the only good way for you to get the security you want in
this case is to send the mail encrypted in the first place.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
Rupert!  I told you to watch the bags!  You were watching the boys
again weren't you!
    -- Stewie Griffin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
Url : /pipermail/attachments/20061206/62e673d0/attachment.pgp


More information about the Gnupg-users mailing list