Quote:
I'll come to why I think it's a fundamentally flawed concept.
The whole point of encryption and signing is that you establish a trusted communication channel between sender and receiver.
But not only does the astaro save those keys without keyphrases and the private keys are accessible to administrators, it doesn't even verify the identity of the sender.
Anybody with access to subnets that are trusted by the astaro or with an account can use every key that is present in the system by changing his sender address.
|
Using the ASG for email encryption moves the endpoint of the trusted channel from the users e-mail client to the ASG. This doesn't mean the concept is fundamentally flawed, you just need to do it correctly. If users who you can't trust have access to your webadmin, you shouldn't use ASG email encryption, indeed (probably, your whole security concept is flawed then).
You still have a trusted channel between your ASG and the recipient - and that is the intention of the system.
If you need security in your internal network, you need to encrypt directly in your mail client - there is no possibility to let any kind of gateway do that.