bug-anubis
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-anubis] General Security Question


From: Sergey Poznyakoff
Subject: Re: [bug-anubis] General Security Question
Date: Thu, 17 Nov 2005 14:09:52 EET

Hi Timo,

> I successfully installed Anubis and it signs every outgoing mail of me
> (like you can see at the end of this mail :-) with my GPG key.

Great, I am pleased to hear that.
 
> Using Anubis, I am supposed to write my passphrase in a database on
> the  Anubis-computer.

No, this is not so. Your password, as well as the rest of your
configuration settings, is stored in your personal Anubis configuration
file (usually $HOME/.anubisrc), which should have the access bits 0600,
i.e. only its owner (i.e. you) can read it.

Of course, the superuser can read whatever files are on the system. It
is normal for any environment. If you don't trust the administrator, you
should not use his/her server at all.

> The second problem I see is, that a person who is able to log into the
> Anubis SMTP Relay, may write messages and let Anubis sign it with MY
> key.

No, it is not right, either. Before getting access to Anubis services,
any user is authenticated first. Successful authentication determines
the user identity, basing on which Anubis will select the profile to
use for this user. The exact way of authentication depends
on the Anubis mode, please refer to the documentation for the detailed
discussion
(http://www.gnu.org/software/anubis/manual/html_chapter/anubis_4.html#SEC4).

This boils down to the same corollary as with any authentication: unless
you let someone steal your credentials, you can be sure that only you
can use your settings.

> Is there another possibility to let Anubs sign my messages but without
> saving my passphrase on the server?

The only feasible option is to install Anubis on your machine. Then you
will have full control over it.

Regards,
Sergey




reply via email to

[Prev in Thread] Current Thread [Next in Thread]