[Techtalk] More secure e-mail for road warriors?

Raven Alder raven at oneeyedcrow.net
Fri Sep 19 14:14:56 EST 2003


Heya --

	I am considering semi-secure alternatives for e-mail -- ideas
and comments welcome from the assembled.  [grins]  Right now, I ssh in
to my mail server and use Mutt to read mail locally.  Nothing ever
crosses the wire cleartext to my LAN. (Of course server to server SMTP
is still in the clear, and I can't vouch for the LANs on the other end
-- but if I'm really that concerned about the contents of my e-mail,
that's what PGP is for.)

	I have recently set up a virtual domain for another user on the
same box.  Both I and the user for the other domain do a fair bit of
traveling, and it would be nice for both of us to be able to get our
mail when not at home.  I have a laptop.  He does not.  (So ssh with key
authentication is a pragmatic alternative for me, but not for him,
really.)  I do want to be able to keep all my mail in a central location
(hence another reason for "on the server" for me), as not having a
message you want because it's on your home machine and you're at work is
very annoying.

	Any password authentication that does happen will need to be a
separate password from my shell password.  Also, the mailboxes are
Maildir format, so any solution will need to support those as well.

	So, my ideas so far...

	IMAP + SSL.  Keeps everything on the server, encrypts over the
local LAN.  Problems with this: not sure what clients give good support
for this on both *nix (Linux and FreeBSD) and Windows, could not use it
easily when traveling without installing another program on each remote
machine.  IIRC, Courier IMAP has had security problems, unsure what
other IMAP/SSL servers there are out there.  Unsure if it supports
separate mail passwords & chrooting users.

	Some sort of Webmail + SSL.  Accessible from anywhere, secure
over the local LAN.  Problems with this -- pretty much the same as
above.

	The option of being able to compose offline would be nice, too,
so that's a point in favor of IMAP.  I am also open to the idea of
supporting both, but don't want to run too many services on the server.
I've got enough ports open as it is anyhow.

	Ideas, comments, experiences from the geek gallery?

Cheers,
Raven
 
Corvin: the question is whether darkness is commutative, associative or distributive in terms of properties [grin]
Corvin: that is whether darkABC=AdarkBC=ABdarkC, etc...
Corvin: wow, that was a math geek moment

