
Re: configuration exim with automatic and transparent OpenPGP



On Sat, Jun 11, 2005 at 04:23:14PM +0200, Carsten Frank wrote:
> Is it possible to use transparent encryption and signing of emails
> for the configured users? I have an installation where we have email
> accounts on the exim server making authentication against system
> accounts. I want to encrypt and sign all outgoing emails with the
> proper certificates of the present user.
>
> Is that possible?

it's a bad idea.

it would require that private keys be either unprotected by pass-phrases or
that the pass-phrases be available in plain-text in a configuration file or in
the program itself.  this is inherently bad.  if the machine is compromised,
the private keys can easily be stolen.

also, it enables the automation of signed forgeries.  all an attacker has to
do is make your system send a forged message and it is signed automatically
making it indistinguishable from a legit message...which completely undermines
any point in doing it in the first place.  it makes your system particularly
vulnerable to insider attacks - e.g. a disgruntled employee can easily forge a
message purporting to be from the General Manager (company "President" in U.S.
terms), who is then unable to prove that s/he didn't send it because it is
signed with their private key.

(and what happens when a virus or spam trojan on a windows client machine
starts sending mail - do you really want to send digitally-signed
spam/viruses?)



any signing or encrypting should be done in the mail client by the
person who sends the mail.


craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)


