ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Encrypting RFC822 headers in S/MIME or PGP/MIME messages

1998-09-25 13:14:47
from [William H. Geiger III] [Permanent Link] 
-----BEGIN PGP SIGNED MESSAGE-----

In <SIMEON(_dot_)980918095519(_dot_)E(_at_)gallileo(_dot_)esys(_dot_)ca>, on 
09/18/98 
   at 10:55 AM, Steve Hole <steve(_at_)esys(_dot_)ca> said:


Also there has been discussion many times in the past of having "proxy 
security handling" for IMAP servers where the IMAP server handles
decoding encrypted messages on behalf of the client and sending the
decoded content over an encrypted data connection to the client.   Note
that this is not a  real situation now, but there are lots of reasons for
people to want this  behaviour in the future and it continues to be
discussed.


IMHO this is *not* a good idea.

The purpose of using end-to-end encryption is to avoid the use of unknown
3 party systems to relay encrypted data. Decrypting on the server then
re-encrypting via different means devalues the original encryption and
brings unnecessary exposure of the raw data. It would also require that
the decryption keys of the recipient be stored on the server adding an
added level of insecurity.

While I have played with "proxy security handling" in the past it has been
for out-bound encryption, in-bound signature verification, and policy
enforcement. In-bound decryption & out-bound signing should never be done
by anyone but the owner of the private keys.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
- ---------------------------------------------------------------
 
Tag-O-Matic: The best way to accelerate Windows is at escape velocity.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNgv9Lo9Co1n+aLhhAQEAHAP9FFdmZZD3I8q8R3UgA1Kurzi/GrTOKVkV
jr6t/lSwokNc08qGjusFeu7TwNQHA/dJ/kc60F0whpO0VtLvDc6dW1GopWwJMFSh
p3JhRcltgBdQ/xm/RUbpvdTsaxd5V0vWYV80QzaYqR3EeUz4jVuSJ5ddei2iVvIh
mrrCPdTaVU8=
=ebIz
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Encrypting RFC822 headers in S/MIME or PGP/MIME messages, William H. Geiger III
Next by Date:  Re: 8/26/98 S/MIME WG Minutes, Dr Stephen Henson
Previous by Thread:  Re: Encrypting RFC822 headers in S/MIME or PGP/MIME messages, Steve Hole
Next by Thread:  Re: Encrypting RFC822 headers in S/MIME or PGP/MIME messages, Tom Phinney
Indexes:  [Date] [Thread] [Top] [All Lists]