management heard, that the system admin can access/read all mails
stored on a mailserver and is terribly affraid about that :-)
As I understand, Zimbra will soon support PGP encryption of the
Will the user be able to re-encrypt messages stored in his mbox
(after reading them)?
Will there be a mechnisme to prevent unencrypted parts of an email
on the mailserver?
Thank's a lot for your feedback!
Originally Posted by john99
As currently planned, the messages are going to be en(de)-crypted during message transmission between the server and the ZWC. Zimbra (as near as I can tell) pretty much has a immutable mail store. Since the server might not have the pass phrase that protects the PGP key, or the S/MIME certificate, it might not always be able to permanently encrypt/decrypt the message.
This all means that:
- Zimbra will probably stored incoming encrypted messages as encrypted.
- Outgoing encrypted messages will be in clear text.
- Options will probably be enabled to cache a copy of the key phrase on the server to allow for permenant encryption/decryption.
- I want to do a pass to understand the SOX implications of that.
There are basically trade/offs everywhere here. To be able to store the message in S/MIME or encrypted, the server has to know your pass phrase. Another bottom line is that while I want features that enable secure connections with the rest of the world, I am targeting organizations rather then individual users. That means manageability to be factored in as well.
I'm not dead set 100% on these things, that is just my current thinking right now. I suspect the more paranoid will never use this extension, and stick with something along the lines of FirePGP instead where the keys don't have to be stored on the server.