The better way to handle this is to have the user handle the encryption of the email if they so wish. With a single set of encryption keys for all users, if those keys are compromised (however unlikely), the privacy of all mail on the server is gone. If each user is maintaining their own encryption protocol, it not only is safer, but also reduces your liability as the system administrator.
You are right. But in my case there are only 4 users on my MIAB, which I am able to take care of. And I don’t think this scenario is so uncommon that I would rule this out completely.
So I do understand that it is possible to have encryption handled at the user’s level (Thunderbird, Outlook, or whatever client). That means everything handled on the server will just transfer data, and can’t really read the data that is being transmitted.
The reason Mail-in-a-Box has probably not implemented encryption on the mail client level is the level of complexity. For those of you that don’t know the CIA model (confidentiality, integrity, availability), you trade off availability with confidentiality in this case. If the mail client’s computer crashes, gets reformatted, is hit by ransomware, gets damaged, or the data on the client’s computer is otherwise lost, the message is lost.
You also must configure encryption on the recipient and sending computers to do this as well. If you don’t have standard images on your organization’s computers, have an IT department, or otherwise have a standard for keeping computers under control, you’re going to have a difficult time explaining to people how to manage encryption keys and trust on their computers and client.
You can eliminate that pain by taking it off the user’s responsibility and putting it onto the server. However, this puts a single-point-of-failure on the system, whereas if you had everyone encrypting their emails, the whole system in its entirety could not be compromised by one compromised system.
The advantages of having a VPS are reliability, low cost (who can pay for a 100 Mbps connection for $5/mo?), and limited aspects about security. If you lean more towards “they are a VPS, their business is to sell servers”, then they are secure for you. If you lean more towards “people are people, people like money, governments like control”, then I would suggest hosting it where you are comfortable (your home, your business, your office, your friend’s house, a shed). If you don’t want anyone to know where your server is, you can try hiding behind Tor. How can a government/person get your data, if they don’t even know where the data is? (NOTE: keep on top of vulnerabilities, your server might give out information you don’t want. In this case, Tor might give physical security, but not technical security. Keep in mind, make sure your server is jailed into using Tor)
If you like the idea of using a VPS, but want to be more careful with data handed to/written to the VPS, you might want to consider proxies or storing keys off-site (your house). Since private-public key encryption is a thing, you can safely save a public key on a server (encryption-only, no decryption), and private keys off-site (your house). The only problem with that is that read operations depend on your house being online and running properly. I bet there are even ways to require multiple locations that have to decrypt data before data is fully decrypted, or if availability is required, have multiple locations that could fully decrypt data.
Anyway, in short, you can store decryption keys off-site if you want to do everything on the server (or servers, if multiple). You can also do encryption/decryption on clients, but that requires every client to configure that, and may cause data loss if the encrypted version of the data and/or the decryption keys are lost for the clients.
So in case of encryption on VPS, every e-mail that will arrive there will be automatically encrypted before being saved, right?
And I’ll decrypt them once I’ve downloaded them?
It depends on which option you choose, and how you do it. Are we talking about server-encryption, or client-encryption?
As discussed earlier, it is nearly pointless to have decryption capabilities on the same server as the stored data.