Serverside Sign and Crypt E-Mails
Bernhard Reiter
bernhard at intevation.de
Tue Apr 11 14:54:13 CEST 2006
On Thursday, 16 February 2006 17:10, Giovanni Baroni wrote:
> Automatic and transparent sign and Crypt Messages with GnuPG.
> By default the Server has to sign every outgoing E-Mail. Additionally if
> he finds the recipient's Public Key ... the server automatically crypts the
> message.
> It would be enough for a single User.
>
> Has anyone done some tests with this, or is it theoretically impossible?
This approach is possible (e.g. GEAM that Thomas mentioned),
but it has some inherent disadvantages:
a) The signatures are not as useful as before, as your users will always claim
that the signing server could have made a mistake.
b) The problem of selecting and trusting keys cannot be solved automatically
in all cases. In your above example, the question is: How does the server
search for the public key? If it just looks on a public keyserver, the
attack simply is to upload a key with a faked user id.
c) Regarding encryption, you never get better than a transport layer security
based on the MTA (e.g. TLS with postfix).
--
www.kolab-konsortium.com Professional Maintenance, Consultancy and Support.
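
Point b) of the reply above, as an added example (not part of the original message and not GEAM's code): a server-side policy that encrypts only to keys whose user ID the local GnuPG trust model has validated, so a key that was merely fetched from a keyserver with a copied user ID is refused. The listing is constructed sample data in the format of `gpg --with-colons --list-keys`; the function name and fingerprints are hypothetical.

```python
import re

# Validity letters in GnuPG's colon listing: only "f" (full) and "u" (ultimate)
# mean the local trust model has validated the key or user ID.
TRUSTED = {"f", "u"}

def encryption_candidates(colon_listing, recipient):
    """Fingerprints of keys a server may auto-encrypt to for `recipient`.

    Hypothetical helper: a key qualifies only if the key itself and a user ID
    carrying exactly the recipient's address are validated locally.
    """
    recipient = recipient.lower()
    accepted, key_ok, fpr = [], False, None
    for line in colon_listing.splitlines():
        f = line.split(":") + [""] * 12        # pad short records
        if f[0] == "pub":                      # a new key block starts
            key_ok = f[1] in TRUSTED and "E" in f[11]   # valid and can encrypt
            fpr = None
        elif f[0] == "fpr" and fpr is None:    # first fpr is the primary key's
            fpr = f[9]
        elif f[0] == "uid" and key_ok and f[1] in TRUSTED:
            m = re.search(r"<([^<>]+)>\s*$", f[9])
            if m and m.group(1).lower() == recipient and fpr not in accepted:
                accepted.append(fpr)
    return accepted

GOOD_FPR = "A" * 40   # constructed: key verified and certified by the operator
SUB_FPR = "B" * 40    # constructed: its encryption subkey
FAKE_FPR = "C" * 40   # constructed: keyserver upload with the same user ID

SAMPLE_LISTING = f"""\
pub:f:4096:1:{GOOD_FPR[-16:]}:1136073600:::-:::scESC:
fpr:::::::::{GOOD_FPR}:
uid:f::::1136073600::0000::Alice Example <alice@example.org>:
sub:f:4096:1:{SUB_FPR[-16:]}:1136073600::::::e:
fpr:::::::::{SUB_FPR}:
pub:-:4096:1:{FAKE_FPR[-16:]}:1143849600:::-:::scESC:
fpr:::::::::{FAKE_FPR}:
uid:-::::1143849600::0000::Alice Example <alice@example.org>:
"""

if __name__ == "__main__":
    print(encryption_candidates(SAMPLE_LISTING, "alice@example.org"))
```

Both sample keys carry the same name and address; only the validity column, which reflects certifications in the server's own keyring, separates them.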