Steffen Kaiser
2018-Aug-13 06:54 UTC
"For end user, only PGP or similar provides sufficient security against admin." (was: [trees-plugin] - Dovecot index gets corrupted, when using maildir and recievend and accessing mail at the same time)
On Sat, 11 Aug 2018, Aki Tuomi wrote:

> While this is true, it can be useful to encrypt messages in-rest at 3rd party storage.
> For end user, only PGP or similar provides sufficient security against admin.

Nice, short, pinpointed words I will file away for upcoming discussions. And I will file M's response, too, for the management. Thanks both of you.

> -------- Original message --------
> From: "M. Balridge" <dovecot at r.paypc.com>
> Date: 11/08/2018 13:56 (GMT+02:00)
> To: Dovecot Mailing List <dovecot at dovecot.org>
> Subject: Re: [trees-plugin] - Dovecot index gets corrupted, when using maildir and recievend and accessing mail at the same time
>
> Quoting Joseph Tam <jtam.home at gmail.com>:
>
>> Another privacy plugin that assumes the server operator is unmotivated or
>> respects your privacy anyways, and won't just skim your password right off
>> the top to look at your mail. A vault with steel walls and a dirt floor.
>
> *SIGH* As usual, you're right on the money, Joseph.
>
> I used to let things like this "slide", but somewhat recently I've had some
> clients badgering me to implement something like this. It takes longer than it
> should to explain how pointless the exercise is.
>
> Given that:
>
> 1) Email transactions, from submission, to delivery, to final reception by a
> MUA, are done with plaintext contents. Those who want security, will undergo
> the additional steps and hassles with using PGP to encrypt the contents,
> providing the only demonstrably secure (against "Evil SysAdmins") means of
> cloaking your content. The submission, delivery, and final reception is still
> performed as "plaintext", albeit with an attachment that is encrypted, a
> process done (and undone) by the ultimate endpoint clients.
>
> 2) Even if the "Evil SysAdmin" doesn't scribble all of the users' passphrases
> into a log, it's trivial for various tools, many of which were hastily cobbled
> together during the fad of implementing Sarbanes-Oxley Act (SOX) compliance on
> mail servers. Tools like "milter-bcc" and friends which automatically clone
> all email submitted to or arriving through SMTP, etc. It doesn't matter if
> your SMTP software implements 65,536 Jiggabyte Key Quantum-Computing-Resistant
> crypto, when it has the decrypted contents in its spool.
>
> I imagine this is an exercise in buzzword collection, and to be seen to be
> "doing something" to improve security and/or privacy.
>
> If privacy is desired, there are only end-to-end encryption/signature schemes
> to ensure anything at all, and even there we're at the mercy of mathematical
> gods greater than we.
>
> Looking to a "magical" oracle on your server to do it for you, whilst keeping
> all of the leaky, plaintext, and promiscuous protocols (DSN, bounces,
> intermediate MXer hosts that eruct contents to various envelope addresses,
> etc) that will betray you behind your back without a moment's notice is a
> Fool's Errand.
>
> Think it over.
>
> =M

-- 
Steffen Kaiser