Thread: message encryption

  1. #1

    message encryption

    Hello,

    Management heard that the system admin can access/read all mails
    stored on a mailserver and is terribly afraid about that :-)

    As I understand, Zimbra will soon support PGP encryption of the
    messages.

    Questions:
    1. Will the user be able to re-encrypt messages stored in his mbox
       (after reading them)?
    2. Will there be a mechanism to prevent unencrypted parts of an email
       on the mailserver?


    Thanks a lot for your feedback!

    John

  2. #2

    Quote: Originally Posted by john99
    Hello,

    Management heard that the system admin can access/read all mails
    stored on a mailserver and is terribly afraid about that :-)

    As I understand, Zimbra will soon support PGP encryption of the
    messages.

    Questions:
    1. Will the user be able to re-encrypt messages stored in his mbox
       (after reading them)?
    2. Will there be a mechanism to prevent unencrypted parts of an email
       on the mailserver?


    Thanks a lot for your feedback!

    John

    As currently planned, the messages are going to be en(de)-crypted during message transmission between the server and the ZWC. Zimbra (as near as I can tell) pretty much has an immutable mail store. Since the server might not have the pass phrase that protects the PGP key, or the S/MIME certificate, it might not always be able to permanently encrypt/decrypt the message.

    This all means that:
    • Zimbra will probably store incoming encrypted messages as encrypted.
    • Outgoing encrypted messages will be in clear text.
    • Options will probably be enabled to cache a copy of the key phrase on the server to allow for permanent encryption/decryption.
    • I want to do a pass to understand the SOX implications of that.


    There are basically trade-offs everywhere here. To be able to store the message in S/MIME or encrypted, the server has to know your pass phrase. Another bottom line is that while I want features that enable secure connections with the rest of the world, I am targeting organizations rather than individual users. That means manageability has to be factored in as well.

    I'm not dead set 100% on these things, that is just my current thinking right now. I suspect the more paranoid will never use this extension, and stick with something along the lines of FirePGP instead where the keys don't have to be stored on the server.
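
The thread asks whether unencrypted parts can be kept off the mail server, and the reply expects incoming encrypted mail to be stored encrypted while sent copies are stored in clear text. The following is an added example, not part of either post and not Zimbra code: an audit check that classifies stored messages by body protection. The function names, labels and sample messages are constructed for illustration.

```python
from email import message_from_string

ARMOR = b"-----BEGIN PGP MESSAGE-----"
SMIME_TYPES = ("application/pkcs7-mime", "application/x-pkcs7-mime")

def _param(msg, name):
    v = msg.get_param(name) or ""          # RFC 2231 values arrive as a tuple
    return (v[2] if isinstance(v, tuple) else v).lower()

def classify(raw):
    """Classify one stored RFC 5322 message by how its body is protected."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    # PGP/MIME (RFC 3156): the whole body is one encrypted container.
    if ctype == "multipart/encrypted":
        return "pgp-mime" if _param(msg, "protocol") == "application/pgp-encrypted" else "unknown-encrypted"
    # S/MIME: only enveloped data is encryption; signed-data stays readable.
    if ctype in SMIME_TYPES:
        return "smime" if _param(msg, "smime-type") in ("enveloped-data", "authenveloped-data") else "cleartext"
    # Otherwise check every leaf part for inline ASCII armor.
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    armored = [(p.get_payload(decode=True) or b"").lstrip().startswith(ARMOR) for p in leaves]
    if leaves and all(armored):
        return "inline-pgp"
    return "mixed" if any(armored) else "cleartext"

def _mail(ctype, body):
    # Constructed sample message; addresses and bodies are placeholders.
    return ("From: a@example.com\nTo: b@example.com\nSubject: s\nMIME-Version: 1.0\n"
            f"Content-Type: {ctype}\n\n{body}")

BLOB = "-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
SAMPLES = {
    "incoming_pgp_mime": _mail(
        'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="bnd"',
        "--bnd\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
        "--bnd\nContent-Type: application/octet-stream\n\n" + BLOB + "--bnd--\n"),
    "sent_copy": _mail("text/plain", "quarterly numbers attached\n"),
    "partly_encrypted": _mail(
        'multipart/mixed; boundary="bnd"',
        "--bnd\nContent-Type: text/plain\n\n" + BLOB +
        "--bnd\nContent-Type: text/plain\n\nfooter in clear\n--bnd--\n"),
    "smime": _mail('application/pkcs7-mime; smime-type=enveloped-data', "(placeholder)\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify(raw)}")
```

The check looks only at the MIME body: headers such as Subject sit outside the encrypted container in both PGP/MIME and S/MIME, so a message reported as encrypted can still expose them in the store.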
