[Tickets #2670] emails not properly encrypted with gpg

bugs@bugs.horde.org bugs at bugs.horde.org
Tue Sep 27 07:56:57 PDT 2005


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=2670
-----------------------------------------------------------------------
 Ticket             | 2670
 Updated By         | wmark.horde at hurrikane.de
 Summary            | emails not properly encrypted with gpg
 Queue              | IMP
 Version            | 4.0.4-RC2
 State              | Feedback
 Priority           | 1. Low
 Type               | Bug
 Owners             | Michael Slusarz
-----------------------------------------------------------------------


wmark.horde at hurrikane.de (2005-09-27 07:56) wrote:

Okay, this is how obviously IMP encrypts emails:
- For every recipient individually with his/her public key.
- For 'me' as sender, to be put in the outgoing-folder.

This is how it should IMHO be done:
- Encrypt the email with multiple public keys of the recipients and
optionally the sender. (Interlocked encryption; combination of public
keys.)
That (one) email goes to the recipients and as copy to my folder.

By this you get a real and authentic copy and IMP is not vulnerable to
"DOS-emails":
- Create an email to be encrypted with the largest possible attachment.
- Give it a lot of people with certificates as recipients (i.e. all the
Gentoo developers).
- Make more emails.
- Send them at once.
Now the load on the server will rise quadratically: With every recipient and
every sent message.
The other way it would just increase linearly with every email.

(Maybe RLIMITs of Apache will prevent this. Does max_execution_time help?)

I hope I am wrong.
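
The two approaches compared in this ticket, as an added example (not IMP's code and not part of the original message): one message encrypted to several keys runs the body through the symmetric cipher once and adds a small wrapped session key per recipient, while per-recipient encryption repeats the body pass for every key. The ElGamal-style key wrap over a tiny prime and the SHA-256 keystream are toy stand-ins chosen so the sketch runs with the standard library only; all function names are hypothetical.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy prime modulus (constructed; far too small for real use)
G = 3           # toy base

def keygen():
    """Return a (private, public) toy ElGamal-style key pair."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def _stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream XOR; stands in for the symmetric cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def _kek(shared: int) -> bytes:
    """Derive a key-encryption key from the shared group element."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def wrap(session_key: bytes, pub: int):
    """Wrap the session key for one recipient (cost independent of body size)."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), _stream(_kek(pow(pub, k, P)), session_key)

def unwrap(wrapped, priv: int) -> bytes:
    c1, ct = wrapped
    return _stream(_kek(pow(c1, priv, P)), ct)

def encrypt_once(body: bytes, pubs):
    """One body pass plus one wrapped key per recipient.
    Returns (message, body bytes run through the cipher)."""
    sk = secrets.token_bytes(32)
    msg = {"keys": [wrap(sk, p) for p in pubs], "body": _stream(sk, body)}
    return msg, len(body)

def encrypt_per_recipient(body: bytes, pubs):
    """The behaviour the ticket describes: a separate full message per key."""
    msgs, work = [], 0
    for p in pubs:
        m, n = encrypt_once(body, [p])
        msgs.append(m)
        work += n
    return msgs, work

def decrypt(msg, index: int, priv: int) -> bytes:
    """Recipient `index` recovers the session key, then the body."""
    return _stream(unwrap(msg["keys"][index], priv), msg["body"])
```
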




