28.04.2010 15:25, cyrus-sasl-request@xxxxxxxxxxxxxxxxxxxx написав(ла):
This is another problem, but server can't encrypt messages because it should have access to a symetric or assymetric keys saved on the server. Then you back to the problema, the hacker may access the key and decrypt messages (this chicken and egg problem). My proposal addresses this problem. I fear, you
have not read it -- despite two opportunities already -- before rushing
to the reply-button. Allow me to afford you one more explanation.
The new messages arriving to the server will
remain unencrypted -- no worse off than they are now -- until the user
logs in (and provides the key).
Again. Under my proposal, the server does have the key to a user's messages, but only while the user is logged in. Older messages of disconnected users are not readable even to the server's root. My proposal does not solve the problem completely, but it does reduce the damage. This is useful. The proposed method uses each user's own password to encrypt their mails -- only the mailboxes of the currently-connected users would be exposed to a hacker (or coercer).If the hacker owned the server he can - use "tcpdump -s 0 -A | grep --line-buffered -e LOGIN -e USER -e PASS" to get password in next user authentication. - read TLS private key file and look traffic with tcpdump. - read TLS private key from memory. - switch imapd daemon to a version that save user/password on a file. This would only give the hacker ability to access
e-mails of people currently connecting to the server, while the exploit
is ongoing. My plan -- for the third time -- aims to protect mailboxes
of those, not currently connected. I believe, this could be valuable in
a substantial number of installs.
Server should't encrypt data. Root can do anything. Both statements are wrong (as all
generalizations)... I demonstrate, how the server can do encryption
usefully -- so that even root can not decrypt it, until the user logs
in to check their e-mail.
If a break-in happens, while a I'm on vacation, my
old e-mails weren't exposed. That's as useful as being able to lock my
house, while I'm away, even if I have to open it up upon returning...
You are now contradicting your own earlier advice (to use encrypted filesystem)!Server should't encrypt data. I must say this explicitly, Reinaldo, that you are
coming off as an annoyed, impolite, and discourteous individual and
this is my last e-mail to you, unless your response shows better
manners. I don't want to emulate your tone again...
This need not be -- and is not -- about anybody's ego, you know... Yours, -mi |
