This private key cannot be exported from the key itself. Some of us use YubiKeys and Nitrokeys with the private key stored on such a hardware token. When also sending works fine with external keys, the Bridge gives a pretty good starting point for "normal use cases", delivering a secure base service with the possibility of even higher security for the advanced use cases - all this without adding even more complexity than strictly needed. And if you wonder why external keys are needed. In regards to certificates, they are generated on-the-fly if not present. In this case your VPN server fends off all attacks towards your IMAP/SMTP ports from non-authenticated connections coming from the Internet. The Bridge is also getting into shape (still a few things missing, though) to better handle both encrypted and signed mails using external keys (not known by ProtonMail). If you put your Bridge behind a properly configured and secured VPN, I would be less concerned. The Bridge solves that issue nicely and mostly isn't ending up as an obstacle to the users. Yes, the TLS adds encryption on top of SMTP and IMAP. So when mailing anyone without utilizing PGP or S/MIME, the mail provider will be able to retrieve and see all the data being sent. My mail client runs a cron job to fetch emails from Proton Bridge on a periodic basis, and there the email is not marked as deleted in the upstream IMAP server or the mail stays somewhere in the local cache of Proton Bridge. Which would degrade the security of the service to a plain unencrypted email service. In the moment you pull in SMTP and IMAP, the mail provider is able to inspect, collect and parse all the data passing their SMTP and IMAP servers. If I delete my email in my local mail client, I see that the same email appears again. This complexity is most likely too much for even many of those capable of doing it. Plus getting each recipient's public key added to really enable E2EE.
2 Add Account to Bridge

Launch the Bridge, and follow the wizard to add your ProtonMail account to the Bridge. But it would require the mail client to be set up correctly with PGP support and the private PGP key from ProtonMail to work. The Bridge uses IMAP/SMTP to encrypt emails with the said email client. Well, it could theoretically be possible to provide the PGP encrypted data via such an IMAP connection.