[unisog] Gmail for the University

Michael Holstein michael.holstein at csuohio.edu
Tue Feb 28 14:23:06 GMT 2006


>I consider (expect) email to be private (secure) once it hits a
>message store.  I also expect whomever runs that message store to
>prevent unauthorized access to my data...this may or may not require
>encryption.

Generally speaking, he who hold root also holds the keys .. so 
encryption is technically no different than just trusting who guards the 
unencrypted store, no?

In the Windows world, if you (despite Microsoft's recommendations to the 
contrary -- http://support.microsoft.com/kb/834638/en-us) decide to put 
your Exchange database on a EFS encrypted volume, then by default the 
Administrator account is attached to the Key Recovery Agent role.

In the UNIX world, since root can become any user (generally), they can 
also become the user that access to live (encrypted) volume.

I can't personally think of a valid reason to encrypt a message store .. 
servers sit in a secured datacenter and are relatively immune to 
physical attack (eg: being stolen) -- I'd rather spend my energy 
ensuring the logical security of the system and not risk having a 
corrupted and unmountable volume if cryptoloop (et.al.) has a brain fart.

Encrypting *access* and *transmission* (by using STARTTLS on SMTP and 
POP/IMAP, or HTTPS on www) is another matter, but since so few sites by 
default will do that, it's a non-issue at this point.

Personally, I treat email as I would a conversation in a somewhat 
secluded restaurant -- not hard to eavesdrop upon for the moderately 
motivated.

At the moment, end-to-end security of email can only be accomplished 
through the active participation of both sender and recipient.

My $0.0184 (6% Ohio taxes withheld)

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University


More information about the unisog mailing list