Modernizing Web-of-trust for Organizations

Lou Wynn lewisurn at gmail.com
Thu Jan 4 23:24:35 CET 2018


On 01/04/2018 02:08 PM, Kristian Fiskerstrand wrote:
> no, there isn't necessarily a client plugin, the gateway decrypts the
> message before it hits the internal email server, so end-user sees
> un-encrypted message, this is protecting transport, but security of
> on-site is ensured through different channels
I see. The gateway solution is contradictory to my end-to-end email
security goal, which requires that only the end user can use his own
private key. The gateway is a total disaster if the gateway is breached.
> I don't see this as disagreeing, this means you don't have any benefit
> from storing the email in encrypted form once it hits the corporate
> network, so you're better off decrypting it at gateway anyways.
>
I guess that you missed the auditing key part. I introduced it to meet
auditing requirements or scanning of messages without using end user's
private keys.

Thanks,
Lou



