Re: SUMMARY: [linux-security] IMAP security across the net

[Daniel Zen <daniel zendigital com>]

I just want to say that the compilation of answers on reading IMAP
e-mail securely was excellent. I currently read my IMAP mail through an
SSH tunnel, but have always wanted to use the built in encryption in the
e-mail clients, and I am in the process of setting it up based on your
message.

However, being a little excessive, I want to go even further. I imagine
e-mail being delivered and then encrypted with a public key before being
placed in my IMAP folders.

Then when I go to read my e-mail, I connect over SSL and my password
unlocks a private key which is (relatively) well encrypted on the
server, decrypts my e-mail before it sends it to the client. Of course
any content that is cached in the e-mail client is insecure, but the
large amount of archived e-mail I have on the server is both accessible,
and (relatively) safe even if my system is comprimised.

This is a a bit theoretical, but I was wondering if you thought there
was a way to configure my server to do this without writing a lot of
source code. Also can I have opinions as to whether this enhances my
security, or if there is a way (without going too far overboard) to
enhance it even further, and still give me the flexibility to use a
standard e-mail client. My goal is to prevent even someone with root
access from reading e-mail on my machine.

Thanks again for your efforts. I have installed OpenSSL and am reading
through the documentation now.

Daniel Zen