06-11-2007, 09:50 PM
JoshuaPrismon
Zimlet Guru & Moderator
 
Posts: 431

Quote:
I like FireGPG and the like for precisely the same reasons that you don't. As a security professional, I'm paranoid about the security of my GPG key, keeping it on an encrypted removable device, etc. I consider *loose* integration with the mail client to be a feature. I only sign/encrypt stuff that really needs to be signed/encrypted. I don't enter my GPG passphrase lightly. Most of the time, I disconnect from the Internet before doing so.
Nothing wrong with that approach. I think a system where the message can be compromised instead of a key is a more valid approach, but this is a very long and contentious problem. I will look long and hard at supporting completely foreign keys, but I am not sure I can be convinced that S/MIME and FireGPG are more secure than a centralized server.

Quote:
But that's me. For most users, their password (or other credential(s) necessary for accessing the Zimbra system) is the weakest, and often the only, link. If you succeed in creating an easy-to-use server-based system that makes using GPG or S/MIME as easy as entering your single sign-on credentials, then it's not clear to me what you've gained.
Obviously, key pass phrases will be supported.

The difference is the deliverable. I believe that the purpose of this is to generate secure information that can be freely transferred across the internet for validation or encryption. I am thinking mostly in terms of financial data, and signatures for purchase orders and whatnot. The secured data is the deliverable.

Individual users can use FireGPG now. And if you are paranoid enough to worry about your employer's PKI system, this will never be the right project for you. Security must be balanced with practicality. That means web of trust and PKI. For me, PKI is also a "check" against abuse of encryption (something that I am also bothered by) as well as a convenience factor for users.

Does that mean I am not spending a lot of time thinking about how to make sure the code is as secure as I can make it? Nope. That's part of the reason I haven't done a code drop yet (the other is that I put on 5.0 code and I am working on getting auto-encrypt/decrypt to work).

And if these statements sent hackles up your back, don't trust the code unless you have read it all ;-)

Quote:
In an intranet environment secured by firewalls, SSL, VPN, etc., there is less need for end-to-end GPG or S/MIME encryption of individual emails. The threat to the less paranoid is neither interception nor repudiation, but simple in-the-clear spoofing. I believe that automatic DKIM signing is a better solution to that problem.
Amusingly enough, I just scanned my mail store for DKIM-signed messages. Want to bet who the only people who have sent me DKIM messages are?
Answer: spammers.

I think DKIM is a good approach, although I like SPF as well, and the failure to implement that properly is a bit troubling to me.