I am using IMP 4.3.6 and Horde 3.3.6 with Apache 2.2.14 on Ubuntu Server 10.04 (64-bit). As far as I know, everything is working as designed, including S/MIME support.

I am shifting users from a Mozilla Thunderbird IMAP installation to one using IMP. I have found one behavior that I think is probably expected, and if so I would like to understand the implications. If it is not expected, then I would like to resolve my configuration problem (or bug) if possible.

We use S/MIME for many emails each day. We have used this for years, which means we have tens of thousands of encrypted emails stored for each user. Annually, each email user gets a new digital certificate from Verisign. At that time, the new public key is sent to the other users and encrypted communication continues to be possible. In IMP, it seems that only the most recent public key can be stored at one time. As far as I can tell, older (expired) keys cannot be/are not stored.

This means that emails written with any of the expired keys can never be read again, even though they are not in themselves invalid in any way. They just cannot be decrypted any longer because the proper keys no longer exist in IMP.

On Thunderbird, the certificate/key store retains all of the older expired keys (your own private key/cert as well as the public keys of others). This capability then enables it to continue to decrypt email long after the keys themselves are expired. This is extremely useful and in fact, a bit of a show-stopper for me since we can't afford to lose all archived email each time a key changes.

I have looked through the mailing list archives, the IMP documentation, the Horde/IMP FAQ, Google searches... and have also tried to experiment to see if I could get multiple keys stored. As far as I can tell it is not something that can be done and this is not a bug, but just an implementation choice. Is that correct?

If so, is there anything planned in this area in the future (what is the possibility of adding this feature)?

If not, I would appreciate any guidance on how I went wrong.

Best Regards,
Greg Shah

--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: [email protected]
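
The key-retention behavior described in the message above can be reproduced with the `openssl` command line. This is an added example, not part of the original post and not IMP's code. The identity names `current` and `old`, the helper functions and the message text are constructed for the demonstration, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example. Keys, names and message are constructed for the demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_identity NAME: self-signed cert + key standing in for one year's certificate.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# try_decrypt FILE NAME: decrypt FILE with one named key pair (fails on mismatch).
try_decrypt() {
    openssl smime -decrypt -in "$1" -recip "$WORK/$2.crt" \
        -inkey "$WORK/$2.key" 2>/dev/null
}

# decrypt_with_store FILE: walk every retained key pair until one matches the
# message's recipient info, print the plaintext, return 1 if none does.
decrypt_with_store() {
    for crt in "$WORK"/*.crt; do
        name=$(basename "$crt" .crt)
        if try_decrypt "$1" "$name"; then
            return 0
        fi
    done
    return 1
}

make_identity current   # this year's certificate
make_identity old       # last year's, superseded certificate

# Archived mail was encrypted to the certificate that was valid at the time.
printf 'archived message body\n' > "$WORK/msg.txt"
openssl smime -encrypt -binary -aes256 -in "$WORK/msg.txt" \
    -out "$WORK/archived.eml" "$WORK/old.crt"

# A store holding only the current key pair cannot open it.
if try_decrypt "$WORK/archived.eml" current >/dev/null; then
    CURRENT_ONLY=decrypted
else
    CURRENT_ONLY=failed
fi
# A store that keeps every key pair can.
RECOVERED=$(decrypt_with_store "$WORK/archived.eml")
echo "current key only: $CURRENT_ONLY"
echo "all retained keys: $RECOVERED"
```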