On Thu, 2005-01-06 at 00:40 -0800, Amish Munshi wrote:
Jeffrey Stedfast wrote:I wish this feature was not important, I wouldnt have requested for this otherwise. Unfortunately, this feature is critical. It may not be important to store mails in an encrypted format, but it should atleast be in encoded . Something other than plain text is necessary. What I cant understand is why it cannot be done?I never said encrypting mails locally on disc couldn't be done, I said it was impractical and a waste of effort.Jeffrey, do you visit clients?
I have, yes.
You dont have people in the market who can read encrypted mails, but you will definately have admins who will read mails if they are in plain text.
then you fire them.
It point here is practical situation. Do me a favour, just impliment this feature. Provide it as an option, which can be turned off if the end-user does not need it.
no. evolution is open source, if you want it - you code it. it is a complete waste of time if you have any idea how security works. also, when evo decrypts the mail - it will have to put it somewhere - where would it put it? ram? hard drive in /tmp? it isn't feasable to decrypt an entire mbox into ram - no one has the memory available on modern hardware and putting it into /tmp defeats the whole purpose (even putting it in ram defeats the whole purpose)
changing file-system permissions is sufficient for blocking out everyone except root, encrypting doesn't block root. so what is the point? it's a lot of extra processing for no added benefit (except a false sense of security)Explain to me how root can access encrypted content? If a file is encrypted using gpg, how can you read it without the passphrase?
root has access to memory (even gpg has to store the password in memory while decrypting something) and root also has access to your private keys. so yes, they can decrypt it.
no, it is really trivial to do and in fact requires no more effort than opening a file with vi :)Can you expain, how to do this and not just metion that this is easy to do.
google is your friend :) anyway, I consider this the end of this fun little conversation since I'm not going to budge on my stance. -- Jeffrey Stedfast Evolution Hacker - Novell, Inc. fejj ximian com - www.novell.com
Attachment:
smime.p7s
Description: S/MIME cryptographic signature