On Wed, 2005-01-05 at 15:10 -0600, Ron Johnson wrote:
On Wed, 2005-01-05 at 14:36 -0500, Jeffrey Stedfast wrote:On Thu, 2005-01-06 at 00:40 -0800, Amish Munshi wrote:Jeffrey Stedfast wrote:[snip]You dont have people in the market who can read encrypted mails, but you will definately have admins who will read mails if they are in plain text.then you fire them.After the damage is done, and *if* you catch him, some long time after the fact. [snip]root has access to memory (even gpg has to store the password in memory while decrypting something) and root also has access to your private keys. so yes, they can decrypt it.But it's more difficult to find keys in RAM than to page thru an mbox.
it doesn't matter - the whole gpg argument is pointless anyway and has no bearing on the original discussion. we're talking about encrypting the mail only once it arrives on the local machine... but presumably the admin can read the mail long before it even gets to the user's local machine. so... the point of encrypting would be...????? since the admin has the ability to page thru the mbox file on the server, why even bother trying to page thru memory to find the key on the user's local machine in the first place? :) this whole discussion is about "make me believe it's more secure even tho it isn't" which is a complete waste of our resources. if you guys want to send us a patch, go for it - but even you have to admit that it doesn't fix the problem. the way to solve this is to have everyone send you PGP/MIME (or S/MIME) encrypted messages to start with, then it really is "secure" from start to finish. that is the ONLY solution. period. Jeff -- Jeffrey Stedfast Evolution Hacker - Novell, Inc. fejj ximian com - www.novell.com
Attachment:
smime.p7s
Description: S/MIME cryptographic signature