On Mon, Feb 09, 2015 at 10:49:36AM +0000, Craig Skinner wrote: > On 2015-02-08 Sun 10:56 AM |, Gilles Chehade wrote: > > > > 1- you need the queue to be encrypted. > > 2- you need mails delivered to the users to be encrypted. > > The SENDER encrypts their message in their MUA, _before_ sending. >
You are describing the PGP model which provides end-to-end encryption, not the Lavabit model which only attempts to secure the storage at the server level with a best-effort approach (ie: there are still ways for an attacker to retrieve them, it's just considerably harder). > > 3- you need mails to be decrypted when a user retrieves them. > > The recipient decrypts the message in their MUA, when reading. > Same comment here, you're describing the PGP model. > > Queue encryption solves 1/3rd of the problem, the two others are outside > > the OpenSMTPD scope. > > > > Because they are not an SMTP (*simple* mail transfer protocol) problem, > they are a MUA & user training issues. > Yes, unfortunately you can't always use PGP because not everyone does. If you rely solely on PGP, then as soon as you exchange with someone who doesn't use it... your mail is stored in plaintext. The Lavabit model adds another layer of security which can be used with or without PGP and which protects the data at the server level against a particular set of attacks. As a bonus, it is transparent for the user so they can actually benefit from it without even be aware. In an idea world, PGP is the way to go, however we don't live in that ideal world and relying on different security mechanisms at different levels is probably the best approach. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
