Serverside Sign and Crypt E-Mails

Bernhard Reiter bernhard at intevation.de
Tue Apr 11 14:54:13 CEST 2006


On Thursday, 16 February 2006 17:10, Giovanni Baroni wrote:
> Automatic and transparent sign and Crypt Messages with GnuPG.
> By default the Server has to sign every outgoing E-Mail. Additionally if
> he finds the recipient Public Key ... the server automatically crypts the
> message.

> It would be enough for a single User.
>
> Has anyone done some tests with this, or is it theoretically impossible?

This approach is possible (e.g. GEAM that Thomas mentioned),
but it has some inherent disadvantages:
a) The signatures are not as useful as before, as your users will always claim
   that the signing server could have made a mistake.
b) The problem of selecting and trusting keys cannot be solved automatically
   in all cases. In your above example, the question is: How does the server
   search for the public key? If it just looks on a public keyserver, the
   attack simply is to upload a key with a faked user id.
c) Regarding encryption, you never get better than a transport layer security
   based on the MTA (e.g. TLS with postfix).
 
-- 
www.kolab-konsortium.com  Professional Maintenance, Consultancy and Support.
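
Point b) above, as an added example that is not part of the original post: a gateway that selects a recipient key by user ID accepts any key claiming the address, while one that selects by a locally pinned fingerprint does not. The listing is constructed sample data in GnuPG's `--with-colons` format, and the `PINNED` table and function names are hypothetical.

```python
import re

# Constructed `gpg --with-colons --fingerprint --list-keys` output: two keys
# with the same user ID, as after a look-alike key is uploaded to a keyserver.
LISTING = """\
pub:-:4096:1:1111222233334444:1139000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111222233334444:
uid:-::::1139000000::0000::Alice Example <alice@example.org>:
pub:-:4096:1:5555666677778888:1144000000:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB5555666677778888:
uid:-::::1144000000::0000::Alice Example <alice@example.org>:
"""

# Hypothetical local pin table, filled in after out-of-band verification.
PINNED = {"alice@example.org": "AAAAAAAAAAAAAAAAAAAAAAAA1111222233334444"}


def parse_keys(listing):
    """Return [(primary fingerprint, {addresses})] from a colon listing."""
    keys, in_primary = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append([None, set()])
            in_primary = True
        elif f[0] == "sub":
            in_primary = False  # fingerprints after this belong to subkeys
        elif f[0] == "fpr" and in_primary and keys and keys[-1][0] is None:
            keys[-1][0] = f[9].upper()
        elif f[0] == "uid" and keys:
            m = re.search(r"<([^<>]+)>", f[9])
            if m:
                keys[-1][1].add(m.group(1).lower())
    return [(fpr, addrs) for fpr, addrs in keys if fpr]


def by_user_id(listing, rcpt):
    """Weak selection: every key that merely claims the address."""
    return [fpr for fpr, addrs in parse_keys(listing) if rcpt.lower() in addrs]


def by_pin(listing, rcpt, pinned=PINNED):
    """Return the pinned fingerprint if that key is present, else None."""
    want = pinned.get(rcpt.lower())
    present = {fpr for fpr, _ in parse_keys(listing)}
    return want if want in present else None
```

When `by_pin` returns None the gateway has no verified key for that recipient and should not encrypt to whatever key matched by name.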



