This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Using mail as an encrypted data archive From: simonst@WellsFargo.COM Date: Thu, 9 Mar 2000 12:07:42 -0700 Any suggestions for using Unix mail to store (possibly large amounts of) encrypted data on an intranet? Data to be stored might be sent as encrypted (PGP, GnuPG) e-mail to, for example, MyArchive@MyServer. It might not be read for a long time. The archive contents would be available by logging on to MyServer as MyArchive & checking the mail. Data files could be recovered from the archive by reading & forwarding, possibly also leaving in the "in" queue. It would be nice if the actual "in queue" data didn't have to reside only on MyServer. I would appreciate your comments & recommendations (especially specific MUA's & MTA's). The solution will have to coexist with the usual corporate Outlook/Exchange setup. It would be nice to be able to use Outlook to send/receive small files to the archive, as well as see the in-queue. === Subject: Re: Using mail as an encrypted data archive -- Rationale for Opposition From: John Wenger <JohnWenger@earthlink.net> Date: Thu, 09 Mar 2000 14:45:32 -0800 Simon, These are interesting ideas. Unfortunately, because I am emotionally, morally, and politically opposed to acting in ways that facilitate Microsoft's growth and profitability, I choose not to provide you with my "comments & recommendations (especially specific MUA's & MTA's)." With this exception, I suggest that you request Microsoft to make all of their products fully Unix/Linux compliant in order to facilitate your project. This would help many others, too. Beyond that, consider this analogy. If you were an American Jew early in WW2, how would you feel about providing technical assistance to people helping develop more efficient gas chambers for the Nazis? Surely, if you knew the intended use of those chambers, you would choose not to help this project. I have tried to compose this response carefully, so as to not flame you personally since that is not my intention, but rather to clarify for you why I am opposed to helping this project. I really do not want to further Microsoft's growth in the financial sectors. There is just too much money to be made, and too much potential for locking out Linux users from online financial transactions, etc. Sincerely, John simonst@WellsFargo.COM wrote: snipped. > > I would appreciate your comments & recommendations (especially specific > MUA's & MTA's). > The solution will have to coexist with the usual corporate Outlook/Exchange > setup. It would be nice to be able to use Outlook to send/receive small > files to the archive, as well as see the in-queue. === Subject: Re: Using mail as an encrypted data archive -- Rationale for Opposition From: Deirdre Saoirse <deirdre@deirdre.net> Date: Thu, 9 Mar 2000 16:21:24 -0800 (PST) On Thu, 9 Mar 2000, John Wenger wrote: > With this exception, I suggest that you request Microsoft to > make all of their products fully Unix/Linux compliant in > order to facilitate your project. This would help many > others, too. Microsoft is irrelevant. And you're going in my killfile. === Subject: FW: Using mail as an encrypted data archive -- Rationale for Oppo From: simonst@WellsFargo.COM Date: Thu, 9 Mar 2000 16:29:29 -0800 The encrypted data archive project is for Unix-to-Unix machines only. It would not normally use the corporate mail servers at all, but I wouldn't rule out small amounts of data coming in. I also hope the project uses "open software" such as Gnu compilers & tools, GnuPG, etc. There's not much I can do about corporate mail, but how would this project help support Microsoft? === Subject: Re: FW: Using mail as an encrypted data archive -- Rationale for From: John Wenger <JohnWenger@earthlink.net> Date: Fri, 10 Mar 2000 01:27:55 -0800 A systems engineer once taught me that he who controls the requirements controls the project. I think that this is pretty much true. Given this, your statement: "The solution will have to coexist with the usual corporate Outlook/Exchange setup." means that "coexistence with the usual corporate Outlook/Exchange setup" is a requirement for your solution. This requirement, which I suppose comes from your management, has its technical content defined by Microsoft. This helps Microsoft by allowing it to partially control the requirements of your project. This is the answer to your question below: "..., but how would this project help support Microsoft?". John P.S. I have been somewhat hper-alert to the creeping assimilation practiced by Microsoft since a friend from LA recently told me about his attempts to invite Linux Torvalds to the Tonight Show. It turns out that the Tonight Show is on a network partially owned by Microsoft, and the Tonight Show officials told my friend that they would need to first check with Microsoft before even beginning to proceed to arrange for Linus's appearance. Someone recently quipped here that "Microsoft is irrelevant". I wish that this hypothesis were true, but my friend's report about the Tonight Show does not support this hypothesis. Other events failing to support this hypothesis include Netscape's fate after Microsoft attacked, Java's deceleration after Microsoft attacked, and the DoJ suing Microsoft for anticompetive business practices. For these, and other reasons, I conclude that the data do not support the "Microsoft is irrelevant" hypothesis. John simonst@WellsFargo.COM wrote: > > The encrypted data archive project is for Unix-to-Unix machines only. It > would not normally use the corporate mail servers at all, but I wouldn't > rule out small amounts of data coming in. I also hope the project uses > "open software" such as Gnu compilers & tools, GnuPG, etc. > > There's not much I can do about corporate mail, but how would this project > help support Microsoft? > snipped. > > > > I would appreciate your comments & recommendations (especially specific > > MUA's & MTA's). > > The solution will have to coexist with the usual corporate > Outlook/Exchange > > setup. It would be nice to be able to use Outlook to send/receive small > > files to the archive, as well as see the in-queue. ________________________________________________________________________ This message was sent by the balug-talk mailing list. To unsubscribe: echo unsubscribe | mail -s '' balug-talk-request@balug.org Subject: Re: FW: Using mail as an encrypted data archive -- Rationale for From: John Wenger <JohnWenger@earthlink.net> Date: Fri, 10 Mar 2000 01:27:55 -0800 A systems engineer once taught me that he who controls the requirements controls the project. I think that this is pretty much true. Given this, your statement: "The solution will have to coexist with the usual corporate Outlook/Exchange setup." means that "coexistence with the usual corporate Outlook/Exchange setup" is a requirement for your solution. This requirement, which I suppose comes from your management, has its technical content defined by Microsoft. This helps Microsoft by allowing it to partially control the requirements of your project. This is the answer to your question below: "..., but how would this project help support Microsoft?". John P.S. I have been somewhat hper-alert to the creeping assimilation practiced by Microsoft since a friend from LA recently told me about his attempts to invite Linux Torvalds to the Tonight Show. It turns out that the Tonight Show is on a network partially owned by Microsoft, and the Tonight Show officials told my friend that they would need to first check with Microsoft before even beginning to proceed to arrange for Linus's appearance. Someone recently quipped here that "Microsoft is irrelevant". I wish that this hypothesis were true, but my friend's report about the Tonight Show does not support this hypothesis. Other events failing to support this hypothesis include Netscape's fate after Microsoft attacked, Java's deceleration after Microsoft attacked, and the DoJ suing Microsoft for anticompetive business practices. For these, and other reasons, I conclude that the data do not support the "Microsoft is irrelevant" hypothesis. === Subject: Re: FW: Using mail as an encrypted data archive -- Rationale for From: Chris Maresca <ckm@crust.net> Date: Fri, 10 Mar 2000 10:17:02 -0800 (PST) Dude, get a life. Embrace and extend works both ways, and there is no way that standards, esp. for something as critical as email, are going away anytime soon. People choose what works, so open source just has to work better. So far, it has. Besides, most of the documentation for quasi binary format that MS uses to communicate with Exchange is publically available and several companies/individuals have written software to decode 'proprietary' Outlook<->Exchange messages. This kind of paranoia is NOT helpfull. It's positively harmfull. Back to the previous topic... As for integrating with Outlook, your biggest problem is the .tnef (.tnf?) files that are generated when operating in rich text mode. These will sometimes contain other information/files. If you are pretty sure that your future clients will be MS something, you can probably leave them alone. Otherwise, there are several freeware extractors for this format. You can also roll your own, the spec is on MS's site. It's a typical stream oriented binary format. === Subject: Re: Using mail as an encrypted data archive From: J C Lawrence <claw@cp.net> Date: Mon, 13 Mar 2000 14:01:59 -0800 On Thu, 9 Mar 2000 12:07:42 -0700 simonst <simonst@WellsFargo.COM> wrote: > Any suggestions for using Unix mail to store (possibly large > amounts of) encrypted data on an intranet? I'd be tempted to go for something like: Postfix for the MTA Cyrus IMAP server for mail storage (gets the mail out of your spool and MTA's hands, scales nicely, and has a pleasantly secure design) IMAP server configured for pathalogical logging (I presume the data needs audit trails) TCP Wrappers on everything. Local and remote syslog loghosts. Syslog-ng for better control of log files. One of the WebMail packages running under mod-ssl to allow easy access to the mail store in addition to local and remote IMAP clients. I happen to be rather fond of WorldPilot under Zope (http://demo.worldpilot.com:8080/site/) tho Twig (http://twig.screwdriver.net/) also works well (I'm moving from Twig to WorldPilot). > Data to be stored might be sent as encrypted (PGP, GnuPG) e-mail > to, for example, MyArchive@MyServer. It might not be read for a > long time. Does it need to be read in-place on the storage server, or can decryption be the responsibility of the MUA/user at the time of reading? ===