Own Mail: PGP running on local server; Is it secure
Robert J. Hansen
rjh at sixdemonbag.org
Mon Sep 28 18:08:13 CEST 2015
> They are also proposing a HTTPS web interface, I guess this relies on
> trusting the certificate authority?
This has a critical chicken-and-egg problem. Let's say I want to send
you an encrypted email. I send it to the OwnMail box, and it in turn
sends to you, in cleartext, an HTTPS link to the OwnMail box. But Eve,
who's listening in on communications between us, who is the adversary I
want to foil ... well, she gets the HTTPS link, too, and she's able to
use it to view my message to you. End result: Eve is not foiled.
Okay, so let's say the HTTPS link goes to a page protected by some kind
of authentication, some kind of login method. How do I communicate to
you the credentials to login? Eve gets to eavesdrop on those, too. End
result: Eve is not foiled.
So let's say that you create a username/pw on someone else's OwnMail box
early on, before Eve starts listening in. Now you can go fetch those
HTTPS-secured pages securely. Eve is foiled. *But*, you have to set up
the username/PW ahead-of-time, before Eve comes into play. And now you
have to keep track of yet another username/PW. End result: Eve is
foiled but it's a usability nightmare because you're stuck tracking 25
different OwnMail username/PWs for 25 different OwnMail users.
Further, they're not doing *anything* that we haven't already been able
to do for 20+ years. Seriously. Every mail administrator on the planet
has been able to do this sort of thing for 20+ years. They don't. We
rarely if ever see OwnMail-like setups. It's worth asking the question,
My initial thoughts after reviewing the page: I'm not optimistic. I
might be wrong! But I'm definitely not optimistic.
More information about the Gnupg-users