I read through the security page and I think you’ve got pretty much everything covered. The problem I saw with my system was that my registrar (Gandi) does not support DNSSEC on my TLD (.at). Till they do so, I cannot say for sure if all my mail is being encrypted.
Now, what I was wondering was: what if we assume (going against Josh’s assumption in the threat model that adversaries do not have access to the physical box) that our box has been compromised and our adversaries have access to the drives? For such a situation I had these questions:
Because mail-in-a-box is meant to run on its own server, what are the chances that you’ll be supporting full disc encryption?
You mentioned that you were inspired in part by the post about “NSA proof your email…”; he/she mentions EncFS as an encryption tool to deploy. Now, if you do not plan on adding disc encryption to MIAB, then do you think EncFS will break the MIAB setup if employed on our own?
I may seem a bit obsessed with security, but now that I have taken the step towards taking control of my own data, I’ve been wanting to go all the way and make sure no one has any access to it, other than me. (Because it’s my data!!!) Now, when I say all the way, obviously I don’t mean 100%, but as far as one can go.
Thank you again for this awesome piece of software!
This only protects email between MTAs that support DANE, actually, which is just Mail-in-a-Box as far as I know(!). So in general, unless you’re emailing me or another MiaB user w/ DNSSEC enabled, there is never any guarantee that email is encrypted in transit.
what are the chances that you’ll be supporting full disc encryption?
None. I have zero confidence it provides any true security when used in the cloud, which is how MiaB is usually deployed.
then do you think EncFS will break the MIAB setup
I’m not very familiar with it, but it should be fine. In the same way that MiaB doesn’t require you use any particular filesystem (ext3, ext4, etc, they all provide the same interface as far as the OS is concerned).
Thank you again for this awesome piece of software!
Let me understand, even though we may have encrypted disk, but there is a possibility that the update for MIAB we receive could, in any way, have some sort of trojan, so no point in encrypting?
Makes sense!
Another question, this may be out of the blue:
I downloaded your code a couple of days back and was looking at it and decided to make some changes (sorry!) in your front-end html files, basically translating all English into Russian. It worked and looked cool. (I put the original files back, as I was afraid it’ll mess something up.)
Would you be interested in deploying a Russian or other languages MIAB later on? I would love to help with it.
Let me understand, even though we may have encrypted disk, but there is a possibility that the update for MIAB we receive could, in any way, have some sort of trojan, so no point in encrypting?
Well, yes, but that’s not what I think anyone has in mind when thinking about disk encryption, because of course once someone gets root access on a live system, it’s over. Disk encryption protects data at rest, on a machine that is turned off.
Would you be interested in deploying a Russian or other languages MIAB later on?
Probably not in the short term because it would mean I couldn’t maintain the project myself, e.g. I would have to depend on a Russian speaker being available to update translations prior to every release from then on. It’s something to consider when there’s a much larger community around the project.