I am considering a rollout of email encryption, and trying to grasp the hidden risks to consider.
General
- For some of the reasons below, it seems necessary to enable the option "Quarantine unscannable and encrypted content" on the Malware tab. Can someone confirm whether this is enforced on both inbound and outbound traffic, or inbound traffic only?
- After making the above change, I may want to specify both the external users who are allowed to send encrypted messages and the internal users who are allowed to receive encrypted messages. The documentation for this is pretty fuzzy. I am guessing that Exempt from "AntiSpam" checking will do this, while exempting from "Email Encryption" will perform an unrelated function of ensuring that an outgoing message is never encrypted by UTM. Can anyone confirm this? I am looking for a way to disable only the quarantining of encrypted content, but that does not seem to be available.
- It appears that UTM signing, verifying, encrypting, or decrypting at UTM will be documented with a comment block added to the front of the Subject line. So all of my later questions about disposition really come down to "the recipient gets the message and does what he wants based on the tag". Of course, adding a tag disrupts the ability to do DKIM checks downstream.
- The UTM strategy of "encrypt whenever possible" might be a problem for the recipient, depending on how often his email client requires him to enter his private key password as he reads his mail. I don't know how to judge this without testing lots of email clients.
- UTM just updated the algorithms for S/MIME to comply with GDPR. What algorithms does UTM support for OpenPGP, and will they need an update to be GDPR-compliant?
- How do I assess whether my encryption technology (S/MIME or OpenPGP) will work with another organization's implementation of the same technology, other than to give it a try and wait for failures?
PGP / OpenPGP
- It appears that a PGP public key can be retrieved from a keyserver using only an email address. Spammers have collected billions of email addresses. If I publish my public key to a keyserver, the spammers can retrieve my public key and send me an encrypted message in hopes of penetrating my spam filters. Of course, if I do not publish to a keyserver, my desired correspondents may have frustrations when trying to obtain my public key. (If I use UTM to decrypt messages, my spam risk goes down but I no longer have data encrypted at rest or encrypted to the final recipient, which makes the result similar to TLS transmit encryption.)
- The spam threat is increased if I accept encrypted email that is not signed, since signing the message increases the visibility of the spam source. Does UTM have a way for me to specify the disposition of emails that are encrypted but not signed?
- Suppose I use a keyserver to obtain the public keys of others. How do I know that all of the public keys that I see for Example.com were actually published by Example.com? I don't want a spammer to create a bogus key for someone@example.com and use the bogus key to create a bogus signature to facilitate social engineering of my users.
- What is the UTM policy for email with unverifiable signatures? Is this something that I can configure?
- What enforcement does UTM perform to see if the PGP signing email address matches the Message Header From Address or the SMTP Authenticated-As Address, or both? SMTP Authenticated-As is difficult (but not impossible) to match with a signature because it often has the username encoded using BATV, SRS, for VERP techniques. If there is no enforcement, doesn't that weaken the whole concept? Where is this documented or configured?
- How do I configure whether or not signatures are added to non-encrypted messages? I am swayed by those who say you should not attach a signature on messages to recipients who cannot interpret it, but this does not seem to be configurable in UTM, and the needs for S/MIME are probably different than for OpenPGP.
S/MIME
- Public key exposure does not seem to be a concern, because the lookup is not based on the email address alone. Nonetheless, I still want to reject email that is encrypted without being signed, and quarantine mail that has an unverifiable signature. Document does not seem to explain
- The normal way to initiate encryption is to send a signed-but-not-encrypted email in each direction, but I would still like to avoid nuisance signatures for messages that are going to organizations that cannot utilize them.
- There is the related problem that UTM allows a user to have both OpenPGP and S/MIME keys. If automatic signing is enabled, how does UTM know which signature to send to which organization when doing sign-but-not-encrypt? I guess it will attach both signatures until the recipient replies and provides a public key that UTM can use to pick the recipients signature technology. Can anyone confirm or correct that guess? Dual signature attachments will be a real nuisance for recipient organizations that understand neither.
- The question of synchronization between incoming signatures and from address is also a concern with S/MIME. This may be addressed in the standard, but it would be desirable to have UTM documentation on what is done. I have also not seen it addressed in my reading about client-based S/MIME implementations.
- Some documentation talks about triple-wrap, where the message is signed before and after encryption. Does UTM do this on outbound mail? Does it understand this on incoming mail?
Evolving convictions:
- Do not use PGP keyservers.
- Even if all signing and encrypting is performed at the email client, or if no outbound encryption is performed at all, it is probably desirable to have UTM verify signatures.
This thread was automatically locked due to age.