[Freedombox-discuss] Email Encryption Basics

[Sandy Harris]

Jonathan Wilkes <jancsika at yahoo.com> wrote:

> Apropos of the ongoing Petraeus media circus-- a box with a simple setup
> to provide a basic email server would be very desirable

For complete email security, you need PGP for end-to-end encryption.
That needs to be done on the end systems, not on the Box.

There are things the Box could do, though.

Just having your own mail server in your home gives you some
protection. A snoop cannot just ask Google, Yahoo or whoever
for your mail and get it, perhaps without your knowledge. If
you control the server, that is much harder. In many countries,
he'll need a warrant to get the data. Of course, there's another
server involved, the one your correspondent uses, and a snoop
may be able to read your mail there.

Put stored email on an encrypted file system and that gives
more protection. However, in some countries there might be
stiff penalties for refusing to yield the key on demand.

The Box should, I think, support a webmail interface because
that is what many people are used to. That should use SSL
encryption by default; this protects mail on the wire or in the
air between the server and your desktop or laptop.

The box should also support Start TLS.
http://en.wikipedia.org/wiki/STARTTLS
That can protect non-web interfaces between server and
user, POP or IMAP, and also server-to-server mail
exchange.