On Fri, Sep 06, 2013 at 11:05:16AM -0500, Dale Raby wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> > If it's sensitive
> > enough to be encrypted outgoing, it's sensitive enough to be
> > encrypted on disk... even if you haven't actually sent it yet.
> >
>
> Well, it's easy enough to encrypt the whole disk with modern OS's, so

Ya, except in my original email I said:

> have to postpone it. In the meantime offlineimap runs and syncs
> your mailboxes, and thus your mail which is to be sent encrypted
> ends up in (say) Gmail's remote folder -- UNencrypted.

Don't get me wrong: I actually have encrypted my hard drives, and I
actually don't have offlineimap running in a background cronjob (it runs
before mutt, in a wrapper script I use to start mutt). My problem is
thus that the message ends up unencrypted in Google's servers.

But Derek Martin's comment is relevant: mutt should not *assume* that
the user's disk is encrypted; otherwise why bother storing even the
original messages encrypted?? Indexing and searching them, for one,
would be easier...

This wasn't exactly what I was thinking about when I wrote the original
email, but now that I have, it does seem to justify a bug report (or
feature request, depending on your point of view...). Objections?

> if the message is on your machine it could be made pretty secure with
> no real extra effort beyond setting it up initially for an encrypted
> disk. Then they would have to deal with physical security to get the
> message, i.e.: disarm the operator and hold a gun to his head to get
> the pass phrase. As only an idiot would actually give the correct
> pass phrase (because such an assailant would not want any inconvenient
> loose ends left alive after the data theft), it would be pretty darn
> secure.
>
> I dunno though, why would you want to store a sensitive draft any
> longer than you need to? Encrypted messages should be as concise as
> possible, so if you get interrupted during composition, would it not
> be better to delete the draft and start it over after you have dealt
> with the KGB or whatever?
> - --
> Dale A. Raby
>
> Buy My Book: 777 Bon Mots for Gunslingers and Other Real Men
>
> Available at Amazon, Google Books, Barnes & Noble, Book Tango, and
> other online book stores.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlIp/TwACgkQq4gfK1twdnfoigCfZ6LmGSmrtj+0B0mpbu3exjXd
> wx4AniZt/7OChTNkrB2kZYYWWKRP1Qel
> =LVop
> -----END PGP SIGNATURE-----

--
Óscar Pereira | https://erroneousthoughts.org
Rules of Optimisation:
Rule 1: Don't do it.
Rule 2 (for experts only): Don't do it yet.
-- M.A. Jackson