
Thread: Zimbra Encryption Services

  1. #11
    JoshuaPrismon is offline Zimlet Guru & Moderator

    Quote Originally Posted by beserker View Post
    Any further progress on this?
    I'm shooting to release this with Zimbra 5.0. I will be doing a limited beta before then. I have one other large Zimbra project that has to be finished first.

  2. #12
    jeffreyheinen is offline Senior Member

    Businesses and Encryption

    Quote Originally Posted by JoshuaPrismon View Post
    You can't do real key management with this tool. If an employee leaves, and leaves a large amount of encrypted data, a company should ideally have a way to recover the key. (That's a controversial statement, but more and more companies require/depend on encryption to do business). I am interested in how the community feels about this one.
    I wanted to chime in on this one, as no one has seemed to yet.

    As a company, we pay for key software licenses, manage the keys, set policy for keys and provide support for the keys, all in order to encrypt company data. It is part of the employee's identity, yes, but it is their identity here at the company. When they leave, they leave that part behind with the company. Part of our employee handbook is about not using company assets for personal uses.

    That said, I can understand why, in a non-business environment, it would be a sticky issue. If someone brings their own key / email addresses to use on a server, they will want to use that elsewhere. But that sounds more like an administration setting. Businesses will want "restricted key management", where users can upload their keys, but not remove them. Otherwise, allow everyone full access to their keys via "open key management".

  3. #13
    jeffreyheinen is offline Senior Member

    Server Policies and Master Keys

    We have several PGP users in the office. There are two things that we might like to see in a company-wide solution.

    Server Policies.

    It is on a per-person basis at the moment, but it would be nice to have rules set up (much like spam filter rules) that can make decisions on when to sign, and when to encrypt. I expect most of our users will want to continue using their mail readers and not use the web client. But how would they, then, tell Zimbra to encrypt their email?

    The policy rules are built on rather simple building blocks: header values, items in subject line. (Examples: If Sensitivity header is "confidential", then encrypt message. If subject starts with "[GPG]" and Priority is High, then encrypt.)

    There should also be rules that run on a failure to find a key. So that it can reject emails it could not encrypt.

    On a global level, I would like to see the ability to enforce some items, like make everyone sign every mail that goes out. (A possible corporate policy).

    Master Keys

    We found that PGP's concept of Master Keys can be quite useful. These are keys that are added to every encrypted message you send. In most cases, it is so that you can always include your own key. This allows you to always decrypt anything you send, even if you did not send it to yourself. But, it could also be used to include a corporate key. This could solve the problem of personal keys leaving with people. If an important business email was encrypted from or to an ex-employee, it would give administrators a way to decrypt it and make sure that information was given to the new employee in that role.
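
The header-based rules, the key-lookup failure rule and the master key from the post above, sketched as an added example (not part of the original thread and not Zimbra code). The key IDs, addresses, constant names and function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data: key IDs and addresses are placeholders, not real keys.
KEYRING = {"alice@example.com": "KEY-ALICE", "bob@example.com": "KEY-BOB"}
MASTER_KEY = "KEY-CORP-MASTER"  # hypothetical corporate master key
SIGN_ALL_OUTBOUND = True        # global policy: sign every outgoing mail

def wants_encryption(msg):
    """Rules from the post: Sensitivity header, or [GPG] subject plus high priority."""
    sensitivity = (msg.get("Sensitivity") or "").strip().lower()
    subject = (msg.get("Subject") or "").strip()
    priority = (msg.get("Priority") or "").strip().lower()
    if sensitivity == "confidential":
        return True
    return subject.startswith("[GPG]") and priority == "high"

def decide(raw_message):
    """Return the action a server-side policy would take for one outbound message."""
    msg = message_from_string(raw_message)
    decision = {"action": "send", "sign": SIGN_ALL_OUTBOUND,
                "encrypt_to": [], "missing": []}
    if not wants_encryption(msg):
        return decision
    headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
               + msg.get_all("Bcc", []))
    recipients = [addr.lower() for _, addr in getaddresses(headers) if addr]
    missing = [r for r in recipients if r not in KEYRING]
    if missing or not recipients:
        # Failure rule: never fall back to cleartext when policy demanded encryption.
        decision.update(action="reject", missing=missing)
        return decision
    # The master key is added to every encrypted message so that the
    # company can still decrypt it after the sender or recipient has left.
    decision["encrypt_to"] = [KEYRING[r] for r in recipients] + [MASTER_KEY]
    return decision

# Constructed sample messages.
CONFIDENTIAL = "To: alice@example.com\nSubject: Q3 numbers\nSensitivity: confidential\n\nbody\n"
TAGGED = "To: bob@example.com\nSubject: [GPG] contract\nPriority: High\n\nbody\n"
NO_KEY = "To: carol@example.com\nSubject: [GPG] contract\nPriority: High\n\nbody\n"
PLAIN = "To: carol@example.com\nSubject: lunch\n\nbody\n"

if __name__ == "__main__":
    for raw in (CONFIDENTIAL, TAGGED, NO_KEY, PLAIN):
        print(decide(raw))
```

Because the rules read only message headers, users can keep their existing mail readers and still trigger encryption on the server.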

  4. #14
    jeffreyheinen is offline Senior Member

    Provisioning

    One other thought came up: what about provisioning?

    With LDAP authentication, it does not automatically create the account information needed for the user. Bug id 7235. Will you have to take care of that as well, or will you simply focus on authentication and encourage people to vote for auto-provisioning?

    Either way works, and I'm sure you thought about it, but I just wanted to note this potential headache.

  5. #15
    JoshuaPrismon is offline Zimlet Guru & Moderator

    Thanks for the input on key policy. At this point I am inclined to make key management integral. I am sorry I haven't made more visible progress, but I have one Zimbra project that is higher priority, and it's a lot of source code that needs to be correct before I am comfortable releasing anything.

    The biggest change is that I am working on ditching the Cryptex adapter. It doesn't work well with larger key sizes (which are mandatory at this point) or with large streams.

  6. #16
    SpEnTBoY is offline Advanced Member

    ^bump ... just checking to see how the progress is. I know you have priorities but I wanted to throw my hat in if you need any help. I'm not a Java programmer but if you need testers/documentors whatever, I'm sure there are quite a few of us that would be up for poking around.

    Currently I'm not at any of the beta releases for 5 so I'm not sure how many if any hooks may be in your code reliant on v.5 but I'm sure I could work around this or upgrade to a beta release.

    my luck you're anal and doing all of your own testing; either way there will be docs needed


    --
    Lonny

  7. #17
    JoshuaPrismon is offline Zimlet Guru & Moderator

    Quote Originally Posted by SpEnTBoY View Post
    ^bump ... just checking to see how the progress is. I know you have priorities but I wanted to throw my hat in if you need any help. I'm not a Java programmer but if you need testers/documentors whatever, I'm sure there are quite a few of us that would be up for poking around.

    Currently I'm not at any of the beta releases for 5 so I'm not sure how many if any hooks may be in your code reliant on v.5 but I'm sure I could work around this or upgrade to a beta release.

    my luck you're anal and doing all of your own testing; either way there will be docs needed


    --
    Lonny
    Progress is being made, albeit slowly. I need to replace the cipher system for the PGP, since it's crashing at streams larger than 5mb, and key sizes > 1024. I do (as mentioned above) have a Zimbra project that is higher priority right now.

  8. #18
    SpEnTBoY is offline Advanced Member

    Quote Originally Posted by JoshuaPrismon View Post
    Progress is being made, albeit slowly. I need to replace the cipher system for the PGP, since it's crashing at streams larger than 5mb, and key sizes > 1024. I do (as mentioned above) have a Zimbra project that is higher priority right now.
    I know ... I wasn't pushing anything, that's why I said "I know you have priorities" in my post

  9. #19
    dstjohn_2009 is offline Starter Member

    For local PGP/GPG key storage

    LDAP can be used as a PGP key server
    PGP LDAP server
    Other
    PGP Public Key Server

    Thought that may be of some useful hacking resources

  10. #20
    tobru is offline Active Member

    @Joshua: Can you give a short status of the work progress?

    I'm very interested =)

    Thanks
