Gnus development mailing list
* security: Encrypted mail in the archive
@ 2001-04-29 14:48 Andreas Fuchs
  2001-04-29 17:30 ` Florian Weimer
  2001-05-01 11:08 ` Simon Josefsson
  0 siblings, 2 replies; 10+ messages in thread
From: Andreas Fuchs @ 2001-04-29 14:48 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 497 bytes --]

Hi.

I just saw something that shocked me. I had sent an encrypted mail to a
friend of mine and tried to read it in the archive. Guess what?

The mail that is stored in my archive group is not encrypted in any
way. I think it would be a little better, security-wise, to encrypt it
with _my_ pubkey (so that only the recipient and the sender can read
it) before storing it in a Gcc: location, would it not?

regards,
-- 
Andreas Fuchs, <asf@acm.org>, <d96001@htlwrn.ac.at>, antifuchs

[-- Attachment #2: Type: application/pgp-signature, Size: 231 bytes --]


* Re: security: Encrypted mail in the archive
  2001-04-29 14:48 security: Encrypted mail in the archive Andreas Fuchs
@ 2001-04-29 17:30 ` Florian Weimer
  2001-05-01  7:37   ` Jaap-Henk Hoepman
  2001-05-01 11:08 ` Simon Josefsson
  1 sibling, 1 reply; 10+ messages in thread
From: Florian Weimer @ 2001-04-29 17:30 UTC (permalink / raw)


Andreas Fuchs <asf@acm.org> writes:

> I just saw something that shocked me. I had sent an encrypted mail to a
> friend of mine and tried to read it in the archive. Guess what?
> 
> The mail that is stored in my archive group is not encrypted in any
> way.

If this is not acceptable in your environment, you need a
cryptographic filesystem anyway, so I don't consider this a problem.



* Re: security: Encrypted mail in the archive
  2001-04-29 17:30 ` Florian Weimer
@ 2001-05-01  7:37   ` Jaap-Henk Hoepman
  2001-05-01 11:17     ` Andreas Fuchs
  2001-05-01 12:16     ` Florian Weimer
  0 siblings, 2 replies; 10+ messages in thread
From: Jaap-Henk Hoepman @ 2001-05-01  7:37 UTC (permalink / raw)


On 29 Apr 2001 19:30:12 +0200 Florian Weimer <fw@deneb.enyo.de> writes:
> Andreas Fuchs <asf@acm.org> writes:
> 
> > I just saw something that shocked me. I had sent an encrypted mail to a
> > friend of mine and tried to read it in the archive. Guess what?
> > 
> > The mail that is stored in my archive group is not encrypted in any
> > way.
> 
> If this is not acceptable in your environment, you need a
> cryptographic filesystem anyway, so I don't consider this a problem.

I consider this to be a _big_ problem, because it is definitely not what I
would expect. If I send encrypted mail, the local copy should be encrypted
too. If I only send encrypted mail to a few people, a cryptographic filesystem
is overkill. Moreover, people may store/archive their mail on some fileserver
they have no control over.

Jaap-Henk

P.S.: Andreas, what method do you use to encrypt your mail? I don't seem to 
recall seeing this behaviour using pgp and mailcrypt.

-- 
Jaap-Henk Hoepman             | Come sail your ships around me
Dept. of Computer Science     | And burn your bridges down
University of Twente          |       Nick Cave - "Ship Song"
Email: hoepman@cs.utwente.nl === WWW: www.cs.utwente.nl/~hoepman
Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
PGP ID: 0xF52E26DD  Fingerprint: 1AED DDEB C7F1 DBB3  0556 4732 4217 ABEF



* Re: security: Encrypted mail in the archive
  2001-04-29 14:48 security: Encrypted mail in the archive Andreas Fuchs
  2001-04-29 17:30 ` Florian Weimer
@ 2001-05-01 11:08 ` Simon Josefsson
  1 sibling, 0 replies; 10+ messages in thread
From: Simon Josefsson @ 2001-05-01 11:08 UTC (permalink / raw)


Andreas Fuchs <asf@acm.org> writes:

> I just saw something that shocked me. I had sent an encrypted mail to a
> friend of mine and tried to read it in the archive. Guess what?
> 
> The mail that is stored in my archive group is not encrypted in any
> way. I think it would be a little better, security-wise, to encrypt it
> with _my_ pubkey (so that only the recipient and the sender can read
> it) before storing it in a Gcc: location, would it not?

Yes.  I think OGnus is supposed to simply make a copy of the mail
today, and if you want to be able to decrypt it yourself, you'll need
to

(setq mc-encrypt-for-me t)

or something.  But I don't understand why it's stored unencrypted for
you.  Are you sure encryption works at all (use preview)?  What does the
mail in your sent group look like? MML tags?




* Re: security: Encrypted mail in the archive
  2001-05-01  7:37   ` Jaap-Henk Hoepman
@ 2001-05-01 11:17     ` Andreas Fuchs
  2001-05-01 11:33       ` Simon Josefsson
  2001-05-01 14:27       ` Charles Sebold
  2001-05-01 12:16     ` Florian Weimer
  1 sibling, 2 replies; 10+ messages in thread
From: Andreas Fuchs @ 2001-05-01 11:17 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 1184 bytes --]

Today, Jaap-Henk Hoepman <hoepman@cs.utwente.nl> wrote:
> P.S.: Andreas, what method do you use to encrypt your mail? I don't
> seem to recall seeing this behaviour using pgp and mailcrypt.

I'm using gpg with gpg.el, but I have just tracked down the place where
it goes wrong: my customisation. I have it archive mails and news before
processing mime stuff (for attachments), which also catches pgpmime
processing. This is done via:

(defadvice gnus-inews-do-gcc 
  (around gnus-news-do-gcc-inhibit-body-encoding  first activate)
  (let ((message-inhibit-body-encoding t))
    ad-do-it))

Alright, I commented it out. Let's see now what gnus does.

[silence, as I restart XEmacs and send a test mail]

Yes, now it appears in the archive, encrypted as it is supposed to be
(with the recipient's public key).

Alright, the first point (unencrypted messages in the archive) was a
local configuration error, but I'd really like messages I send encrypted
to be encrypted such that I can read it (as in, with my public key) in
the archive. It looks a little tricky, can it be done?

regards,
-- 
Andreas Fuchs, <asf@acm.org>, <d96001@htlwrn.ac.at>, antifuchs

[-- Attachment #2: Type: application/pgp-signature, Size: 231 bytes --]


* Re: security: Encrypted mail in the archive
  2001-05-01 11:17     ` Andreas Fuchs
@ 2001-05-01 11:33       ` Simon Josefsson
  2001-05-01 16:51         ` Andreas Fuchs
  2001-05-01 14:27       ` Charles Sebold
  1 sibling, 1 reply; 10+ messages in thread
From: Simon Josefsson @ 2001-05-01 11:33 UTC (permalink / raw)


Andreas Fuchs <asf@acm.org> writes:

> Alright, the first point (unencrypted messages in the archive) was a
> local configuration error, but I'd really like messages I send encrypted
> to be encrypted such that I can read it (as in, with my public key) in
> the archive. It looks a little tricky, can it be done?

Perhaps customize `gpg-command-{sign-,}encrypt' to include
"--encrypt-to asf@acm.org"?




* Re: security: Encrypted mail in the archive
  2001-05-01  7:37   ` Jaap-Henk Hoepman
  2001-05-01 11:17     ` Andreas Fuchs
@ 2001-05-01 12:16     ` Florian Weimer
  2001-05-01 12:59       ` Karl Kleinpaste
  1 sibling, 1 reply; 10+ messages in thread
From: Florian Weimer @ 2001-05-01 12:16 UTC (permalink / raw)


Jaap-Henk Hoepman <hoepman@cs.utwente.nl> writes:

> > If this is not acceptable in your environment, you need a
> > cryptographic filesystem anyway, so I don't consider this a problem.
> 
> I consider this to be a _big_ problem, because it is definitely not what I
> would expect. If I send encrypted mail, the local copy should be encrypted
> too.

Even if the archived copy is encrypted, the article may have been
written to disk in plaintext, for example as a draft or as an
auto-save copy.  Or the user might have included some attachment which
has to be on disk in plaintext at the time the message is sent.

IMHO, encrypting the archived copy just gives a false sense of
security.



* Re: security: Encrypted mail in the archive
  2001-05-01 12:16     ` Florian Weimer
@ 2001-05-01 12:59       ` Karl Kleinpaste
  0 siblings, 0 replies; 10+ messages in thread
From: Karl Kleinpaste @ 2001-05-01 12:59 UTC (permalink / raw)


Florian Weimer <fw@deneb.enyo.de> writes:
> IMHO, encrypting the archived copy just gives a false sense of
> security.

Not at all.  I don't do draft-saving, especially when writing messages
sufficiently sensitive that I intend to encrypt them, and whether or
not they include attachments is not germane to the question.

I too want archived copies to be encrypted, to defend myself against
crackers or spooks if they should happen on my filesystem.  I do not
want a cryptographic filesystem because that would be like swatting a
fly with a Buick -- I need a little bit of very good encryption, not a
lot of wasted encryption.  My IP links to the universe are also
encrypted (http://sites.inka.de/sites/bigred/devel/cipe.html) and
these are the uses where encryption serves me well.

--karl



* Re: security: Encrypted mail in the archive
  2001-05-01 11:17     ` Andreas Fuchs
  2001-05-01 11:33       ` Simon Josefsson
@ 2001-05-01 14:27       ` Charles Sebold
  1 sibling, 0 replies; 10+ messages in thread
From: Charles Sebold @ 2001-05-01 14:27 UTC (permalink / raw)


On 8 Iyar 5761, Andreas Fuchs wrote:

> Alright, the first point (unencrypted messages in the archive) was a
> local configuration error, but I'd really like messages I send
> encrypted to be encrypted such that I can read it (as in, with my
> public key) in the archive. It looks a little tricky, can it be done?

I have put the following in my ~/.gnupg/options:

encrypt-to csebold@ezl.com

...which encrypts everything to me as well as to the recipient.
-- 
Charles Sebold
Random Answer to a Gnus Very Frequently Asked Question:
 To see old posts, enter the group with C-u RET from the *Groups* buffer.
--
8th of Iyar, 5761
--
How to please Technologies and Micro Support:

2.  Don't write anything down. Ever. We can play back the error
    messages from here.



* Re: security: Encrypted mail in the archive
  2001-05-01 11:33       ` Simon Josefsson
@ 2001-05-01 16:51         ` Andreas Fuchs
  0 siblings, 0 replies; 10+ messages in thread
From: Andreas Fuchs @ 2001-05-01 16:51 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

Today, Simon Josefsson <simon@josefsson.org> wrote:
> Perhaps customize `gpg-command-{sign-,}encrypt' to include
> "--encrypt-to asf@acm.org"?

Purrrfect. Thanks to you and Charles Sebold.

regards,
-- 
Andreas Fuchs, <asf@acm.org>, <d96001@htlwrn.ac.at>, antifuchs

[-- Attachment #2: Type: application/pgp-signature, Size: 231 bytes --]
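
A way to audit the two outcomes discussed in this thread (plaintext copies in the archive, and copies encrypted only to the recipient), as an added example that is not code from any poster or from Gnus: it classifies an archived message by reading the recipient key IDs in its OpenPGP session-key packets. The function names, the key IDs and the sample message are constructed for illustration; a real message carries the 64-bit ID of each recipient's encryption (sub)key.

```python
import base64
import re

ARMOR = re.compile(r"-----BEGIN PGP MESSAGE-----\r?\n(.*?)-----END PGP MESSAGE-----", re.S)

def packets(data):
    """Yield (tag, body) per OpenPGP packet; header formats per RFC 4880 section 4.2."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                          # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:                               # partial body length: data packet, stop
                return
        else:                                   # old-format header
            tag, size = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            n = int.from_bytes(data[i:i + size], "big") if size else len(data) - i
            i += size
        yield tag, data[i:i + n]
        i += n

def archive_status(text, my_key_id):
    """Classify an archived copy by its tag-1 (session key) packets: version, 8-byte key ID, ..."""
    m = ARMOR.search(text)
    if not m:
        return "plaintext"                      # no armored PGP message in the stored copy
    lines = m.group(1).splitlines()
    start = lines.index("") + 1 if "" in lines else 0   # armor headers end at a blank line
    data = base64.b64decode("".join(l for l in lines[start:] if not l.startswith("=")))
    ids = [b[1:9].hex().upper() for t, b in packets(data) if t == 1 and len(b) >= 10 and b[0] == 3]
    if my_key_id.upper() in ids:
        return "encrypted-to-me"
    return "hidden-recipients" if "0" * 16 in ids else "not-to-me"

def constructed_message(key_ids):
    """Constructed sample: one v3 session-key packet per key ID, then a dummy tag-18 packet."""
    raw = b""
    for kid in key_ids:
        body = b"\x03" + bytes.fromhex(kid) + b"\x01" + bytes(4)
        raw += bytes([0x84, len(body)]) + body          # old format, tag 1, one-byte length
    raw += bytes([0xC0 | 18, 3]) + b"\x01\x00\x00"      # new format, tag 18
    return "-----BEGIN PGP MESSAGE-----\n\n%s\n-----END PGP MESSAGE-----\n" % base64.b64encode(raw).decode()
```

Only the first armored block in a message is examined, and an all-zero key ID (a hidden recipient) is reported separately because it cannot be matched without attempting decryption.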

