Re: [Evolution] Feature requests



oh, and keep your gpg (or s/mime) private keys on your person (floppy
disk? usb drive? crypto-card?) rather than in your local machine's home
directory.

but even that has weaknesses :)

Jeff

On Wed, 2005-01-05 at 16:28 -0500, Jeffrey Stedfast wrote:
On Wed, 2005-01-05 at 15:10 -0600, Ron Johnson wrote:
On Wed, 2005-01-05 at 14:36 -0500, Jeffrey Stedfast wrote:
On Thu, 2005-01-06 at 00:40 -0800, Amish Munshi wrote:
Jeffrey Stedfast wrote:
[snip]

 You dont have people in the market who 
can read encrypted mails, but you will definately have admins who will 
read mails if they are in plain text.

then you fire them.

After the damage is done, and *if* you catch him, some long time
after the fact.

[snip]
root has access to memory (even gpg has to store the password in memory
while decrypting something) and root also has access to your private
keys.

so yes, they can decrypt it.

But it's more difficult to find keys in RAM than to page thru an
mbox.

it doesn't matter - the whole gpg argument is pointless anyway and has
no bearing on the original discussion.

we're talking about encrypting the mail only once it arrives on the
local machine... but presumably the admin can read the mail long before
it even gets to the user's local machine. so... the point of encrypting
would be...?????

since the admin has the ability to page thru the mbox file on the
server, why even bother trying to page thru memory to find the key on
the user's local machine in the first place? :)

this whole discussion is about "make me believe it's more secure even
tho it isn't" which is a complete waste of our resources.

if you guys want to send us a patch, go for it - but even you have to
admit that it doesn't fix the problem.

the way to solve this is to have everyone send you PGP/MIME (or S/MIME)
encrypted messages to start with, then it really is "secure" from start
to finish.

that is the ONLY solution. period.

Jeff

-- 
Jeffrey Stedfast
Evolution Hacker - Novell, Inc.
fejj ximian com  - www.novell.com

Attachment: smime.p7s
Description: S/MIME cryptographic signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]