--===============0312510125== Content-Disposition: inline Content-Type: multipart/alternative; boundary="Boundary-00=_qhRJKOi3pr6KETD" Content-Transfer-Encoding: 7bit --Boundary-00=_qhRJKOi3pr6KETD Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable On Tuesday 02 June 2009 08:28:30 Mike Gabriel wrote: Hi Mike, > this is indeed very good news!!! i must admit i haven't had a spot on > the konsec connector yet. > > please provide me with a preview download URL, so i can catch up on this.= =2E. http://download.konsec.com/beta/KONSEC_Konnektor_2_3_0_16_de_ALPHA.zip Please note that this version ist not officially released and does not=20 encrypt the private data. It only denies Outlook access to the private=20 properties. > > As a next step I will come up with a proposal how to properly improve t= he > > current system using proper encryption. > > > > The current implementation relies upon enforcement of the access control > > to private objects in the MAPI Storage Provider. From the point of view > > of Outlook this MAPI Storage Provide is a server but from a security > > point of view the MSP is still running in the context of the client > > workstation not of the Kolab server. > > > > IMHO this simple Exchange compatible approach is already a big > > improvement compared to simply not addressing this issue. I expect a > > number of people are already fine with this implementation. (****) > > > > In the future I want to have proper cryptographic methods used. > > Though this is > > not trivial to get right. > > > > - Owners of a private object are all those Kolab users with adminstrati= ve > > privileges on the corresponing folder. > > > > - Only Owners can create, copy, move and delete private objects. > > > > - If non-Owners with write permissions create such objects they > > effectivly either loose control (what MS Exchange does) or the flag is > > removed by the Connector/Konnektor when storing. The Middleware might > > decide to warn the user > > about this. > > > > - Private properties within a private object are encrypted and decrypt= ed > > using a folder specific symmetric key. > > > > - Only Kolab users with > > > > - The distribution/maintenance of this symmetric(***) key is non-trivial > > > > - The basic idea is that the folder specific symmetric key is ONLY > > available to those users with administration priviledges on this folder. > > (I am currently > > not sure how this is implemented best) (*) > > > > - Whenever someone is removed from the list of users with administrative > > priviledges from the folder ALL private objects need to be reencrypted > > with a newly created symmetric key. (**) > > > > (*) I am wondering how this is to be implemented. > > The main point is that this is slowly changing folder specific > > information which shall only be available to users with adminstrative > > priviledges. Does anyone have a great idea how this can be implemented? > > > > (**) Due to the inherent incoherent nature of Kolab (offline clients > > etc.) we must beware of race conditions and provide a mechanism to avoid > > these. (This is solvable though!) > > > > (***) Choosing a symmetric key method is simple but has some drawbacks. > > E.g. it does not protect from a malicious server/backup administrator. I > > consider this acceptable though as long as it is well documented. > > > > (****) Of course the current implementation can trivially be > > subverted using a > > client which does not honour the privacy flag. As a first step I will > > therefore ask the KONSEC developers to encrypt all private properties > > using a single static key (no key management in the first step). This > > denies access to > > all non complying clients. Extraction of this hidden key from the > > proprietary Konnektor is possible though really not trivial. > > > > I am looking forward to your feedback. Yours, =2D- martin =2D-=20 e r f r a k o n Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker Sitz: Adolfstra=DFe 23, 70469 Stuttgart, Partnerschaftsregister Stuttgart P= R 126 http://www.erfrakon.com/ --Boundary-00=_qhRJKOi3pr6KETD Content-Type: text/html; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable

On Tuesday = 02 June 2009 08:28:30 Mike Gabriel wrote:

Hi Mike,

> this i= s indeed very good news!!! i must admit i haven't had a spot on

> the ko= nsec connector yet.

>

> please= provide me with a preview download URL, so i can catch up on this...

http://down= load.konsec.com/beta/KONSEC_Konnektor_2_3_0_16_de_ALPHA.zip

Please not= e that this version ist not officially released and does not encrypt the pr= ivate data. It only denies Outlook access to the private properties.

> > A= s a next step I will come up with a proposal how to properly improve the

> > c= urrent system using proper encryption.

> >

> > T= he current implementation relies upon enforcement of the access control

> > t= o private objects in the MAPI Storage Provider. From the point of view

> > o= f Outlook this MAPI Storage Provide is a server but from a security

> > p= oint of view the MSP is still running in the context of the client

> > w= orkstation not of the Kolab server.

> >

> > I= MHO this simple Exchange compatible approach is already a big

> > i= mprovement compared to simply not addressing this issue. I expect a

> > n= umber of people are already fine with this implementation. (****)

> >

> > I= n the future I want to have proper cryptographic methods used.

> > T= hough this is

> > n= ot trivial to get right.

> >

> > -= Owners of a private object are all those Kolab users with adminstrative

> > p= rivileges on the corresponing folder.

> >

> > -= Only Owners can create, copy, move and delete private objects.

> >

> > -= If non-Owners with write permissions create such objects they

> > e= ffectivly either loose control (what MS Exchange does) or the flag is

> > r= emoved by the Connector/Konnektor when storing. The Middleware might

> > d= ecide to warn the user

> > a= bout this.

> >

> > -= Private properties within a private object are encrypted and decrypted

> > u= sing a folder specific symmetric key.

> >

> > -= Only Kolab users with

> >

> > -= The distribution/maintenance of this symmetric(***) key is non-trivial

> >

> > -= The basic idea is that the folder specific symmetric key is ONLY

> > a= vailable to those users with administration priviledges on this folder.

> > (= I am currently

> > n= ot sure how this is implemented best) (*)

> >

> > -= Whenever someone is removed from the list of users with administrative

> > p= riviledges from the folder ALL private objects need to be reencrypted

> > w= ith a newly created symmetric key. (**)

> >

> > (= *) I am wondering how this is to be implemented.

> > T= he main point is that this is slowly changing folder specific

> > i= nformation which shall only be available to users with adminstrative

> > p= riviledges. Does anyone have a great idea how this can be implemented?

> >

> > (= **) Due to the inherent incoherent nature of Kolab (offline clients

> > e= tc.) we must beware of race conditions and provide a mechanism to avoid

> > t= hese. (This is solvable though!)

> >

> > (= ***) Choosing a symmetric key method is simple but has some drawbacks.

> > E= =2Eg. it does not protect from a malicious server/backup administrator. I

> > c= onsider this acceptable though as long as it is well documented.

> >

> > (= ****) Of course the current implementation can trivially be

> > s= ubverted using a

> > c= lient which does not honour the privacy flag. As a first step I will

> > t= herefore ask the KONSEC developers to encrypt all private properties

> > u= sing a single static key (no key management in the first step). This

> > d= enies access to

> > a= ll non complying clients. Extraction of this hidden key from the

> > p= roprietary Konnektor is possible though really not trivial.

> >

> > I= am looking forward to your feedback.

Yours,

-- martin

--

e r f r a k= o n

Erlewein, F= rank, Konold & Partner - Beratende Ingenieure und Physiker

Sitz: Adolf= stra=DFe 23, 70469 Stuttgart, Partnerschaftsregister Stuttgart PR 126

http://www.= erfrakon.com/

--Boundary-00=_qhRJKOi3pr6KETD-- --===============0312510125== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Kolab-users mailing list Kolab-users@kolab.org https://kolab.org/mailman/listinfo/kolab-users --===============0312510125==--