dovecot - Aug 2018 - "For end user, only PGP or similar provides sufficient security against admin." (was: [trees-plugin] - Dovecot index gets corrupted,^M when using maildir and recievend and accessing mail at the same time)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 11 Aug 2018, Aki Tuomi wrote:
> While this is true, it can be useful to encrypt messages in-rest at 3rd
party storage.
> For end user, only PGP or similar provides sufficient security against
admin.
Nice, short, pinpointed words I will file away for upcoming discussions.

And I will file M's response, too, for the management.

Thanks both of you.
> -------- Original message --------From: "M. Balridge" <dovecot
at r.paypc.com> Date: 11/08/2018  13:56  (GMT+02:00) To: Dovecot Mailing List
<dovecot at dovecot.org> Subject: Re: [trees-plugin] - Dovecot index gets
corrupted,
> ? when using maildir and recievend and accessing mail at the same time
> Quoting Joseph Tam <jtam.home at gmail.com>:
>
>> Another privacy plugin that assumes the server operator is unmotivated
or
>> respects your privacy anyways, and won't just skim your password
right off
>> the top to look at your mail.? A vault with steel walls and a dirt
floor.
>
> *SIGH* As usual, you're right on the money, Joseph.
>
> I used to let things like this "slide", but somewhat recently
I've had some
> clients badgering me to implement something like this. It takes longer than
it
> should to explain how pointless the exercise is.
>
> Given that:
>
> 1) Email transactions, from submission, to delivery, to final reception by
a
> MUA, are done with plaintext contents. Those who want security, will
undergo
> the additional steps and hassles with using PGP to encrypt the contents,
> providing the only demonstrably secure (against "Evil SysAdmins")
means of
> cloaking your content. The submission, delivery, and final reception is
still
> performed as "plaintext", albeit with an attachment that is
encrypted, a
> process done (and undone) by the ultimate endpoint clients.
>
> 2) Even if the "Evil SysAdmin" doesn't scribble all of the
users' passphrases
> into a log, it's trivial for various tools, many of which were hastily
cobbled
> together during the fad of implementing Sarbanes-Oxley Act (SOX) compliance
on
> mail servers. Tools like "milter-bcc" and friends which
automatically clone
> all email submitted to or arriving through SMTP, etc. It doesn't matter
if
> your SMTP software implements 65,536 Jiggabyte Key
Quantum-Computing-Resistant
> crypto, when it has the decrypted contents in its spool.
>
> I imagine this is an exercise in buzzword collection, and to be seen to be
> "doing something" to improve security and/or privacy.
>
> If privacy is desired, there are only end-to-end encryption/signature
schemes
> to ensure anything at all, and even there we're at the mercy of
mathematical
> gods greater than we.
>
> Looking to a "magical" oracle on your server to do it for you,
whilst keeping
> all of the leaky, plaintext, and promiscuous protocols (DSN, bounces,
> intermediate MXer hosts that eruct contents to various envelope addresses,
> etc) that will betray you behind your back without a moment's notice is
a
> Fool's Errand.
>
> Think it over.
>
> =M>
>
- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBW3ErEMQnQQNheMxiAQJZ+Qf9ECwe0SZXwClaM+wHBVdsOPLPuL6rkSzV
TAkPe7bV2jnqUL8J0I7F46MW4yV76ttbWMbZ3wP6Mom2roNOqGoQIxWsQLkgZvib
Wdg29L0nsMkHY6A5zCRM/n4rvNi/xDHIUWIinZRUWvFr8J6WWkSaYneX2Xjvf6tF
24nj+tqcuYtFomsY802WySgovLZi5y0s8nSSkQ9nnPA44hpozfbQXXf/pO14D2BL
vhsiqvLKnS/3wY83Y05RLCsojfQDG3Vbqgm6qV9qkpOtGN9sLV/ufXc8tui070UW
FDmV5S/KnP8Z7ru9Hq83JEhxkaApPhcKqIQcpjUIeWyobIwvYr718A==cbbG
-----END PGP SIGNATURE-----