[exim-dev] [Bug 3122] confidentiality of data-at-rest

Author: Exim Bugzilla
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 3122] confidentiality of data-at-rest
https://bugs.exim.org/show_bug.cgi?id=3122

Bernard Quatermass <bqexim@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bqexim@???


--- Comment #2 from Bernard Quatermass <bqexim@???> ---
As noted in #1 there are two sides to this.

Given the writing of locally-delivered messages is a one-time operation on
exim's part but requires repeated access by pop/imap services it makes more
sense to use an LMTP delivery to whatever is providing the pop/imap (the
aforementioned dovecot being the only pop/imap server I know of that offers any
encrypted storage option). If it is capable of encrypting messages it can do
so, but exim needs no knowledge of details.

For spool-related items I'm not clear on the benefits of adding application
level file encryption over simply ensuring the spool is on an encrypting file
system (or more likely a filesystem on an encrypted block device).

Anything administrative that accesses spool file content directly (exipick
being an obvious case) would need extensive reworking to access files via some
utility library that has key-access knowledge and stream encrypt/decrypt
capability thus somewhat negating any potential benefit to the encryption since
it can be simply used by anything else.

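The comment above suggests keeping the spool on a filesystem that sits on an encrypted block device. The following check is an added example, not part of the original message or of Exim: it reads `lsblk` JSON output and reports whether the filesystem that actually holds the spool directory has a dm-crypt layer beneath it. The spool path `/var/spool/exim`, the function names and the sample data are assumptions made for illustration, and filesystem-level encryption is not detected.

```python
import json
import os

# Constructed `lsblk --json -o NAME,TYPE,MOUNTPOINT` output (not from a real host):
# LUKS mapping under LVM for / and /var, plus a separate plain partition for the spool.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg0-root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg0-var", "type": "lvm", "mountpoint": "/var"},
        {"name": "vg0-swap", "type": "lvm", "mountpoint": "[SWAP]"}]}]}]},
  {"name": "sdb", "type": "disk", "mountpoint": null, "children": [
    {"name": "sdb1", "type": "part", "mountpoint": "/var/spool/exim"}]}
]}
"""

def _walk(devices, chain=()):
    """Yield (mountpoint, chain of (name, type) from the disk down to the device)."""
    for dev in devices:
        here = chain + ((dev["name"], dev["type"]),)
        if dev.get("mountpoint"):
            yield dev["mountpoint"], here
        yield from _walk(dev.get("children", []), here)

def _contains(mountpoint, path):
    """True if path lies on or below mountpoint, compared per path component."""
    if not mountpoint.startswith("/"):  # pseudo entries such as "[SWAP]"
        return False
    mountpoint = os.path.normpath(mountpoint)
    return os.path.commonpath([mountpoint, path]) == mountpoint

def spool_backing(lsblk_json, spool_dir):
    """Return (mountpoint, chain, encrypted) for the filesystem holding spool_dir."""
    path = os.path.normpath(spool_dir)
    mounts = [(m, c) for m, c in _walk(json.loads(lsblk_json)["blockdevices"])
              if _contains(m, path)]
    if not mounts:
        raise LookupError(f"no block-device mount found for {spool_dir}")
    mountpoint, chain = max(mounts, key=lambda mc: len(mc[0]))  # deepest mount wins
    encrypted = any(dev_type == "crypt" for _, dev_type in chain)
    return mountpoint, chain, encrypted

if __name__ == "__main__":
    for d in ("/var/spool/exim/input", "/var/mail"):
        mp, chain, enc = spool_backing(SAMPLE_LSBLK, d)
        print(d, "->", mp, "encrypted" if enc else "NOT encrypted", [n for n, _ in chain])
```

In the constructed sample the root and `/var` volumes are encrypted, but the spool is mounted separately from a plain partition, so the check reports it as unencrypted.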