[PLUG] looking for secure space for a mail server

Daniel Johnson teknotus at gmail.com
Mon Jun 18 21:50:39 UTC 2018


On Mon, Jun 18, 2018, 1:50 PM Tomas Kuchta <tomas.kuchta.lists at gmail.com>
wrote:

> I have heard that security versus physical HW in colo argument so many
> times.
>
> In my opinion, a padlock is way less secure than well implemented crypto.
>
> The only security benefit I see from physical HW would be hosting it on
> premises - if your threat vector is suponea. Both VM or HW in colo can be
> legally accessed without your knowledge, which shouldn't be possible when
> hosting on premises.
>
> Cost or special snowflake HW would be another consideration. If one gets to
> rent 15U for $300 a month and if you can fully utilize that volume - you
> could save considerable $$ in certain load scenarios.
>
> Just my thoughts on possible value of real HW outside mainstream and
> home/office.
>
> Tomas
>
>
> If you want a cheap

subpoena resistant setup.
>

https://github.com/privacylabs/oasis
>


On Mon, Jun 18, 2018, 12:41 PM Louis Kowolowski <louisk at cryptomonkeys.org>
> wrote:
>
> >
> >
> > > On Jun 18, 2018, at 1:38 PM, Michael Rasmussen <michael at michaelsnet.us
> >
> > wrote:
> > >
> > > To stress "As others have suggested, you may be able to use a VM" - at
> > my final job before retirement (Large bank, Fortune 500, etc) everything
> > possible was migrated to in-house VMs.
> > > I want to say mail services were an early migration. In any case, the
> > entire mail infrastructure was run on virtual servers.
> > >
> > > There's no need for a physical server.
> > >
> > This is your opinion. We're not trying to determine if a VM is capable of
> > running *a* mail server. We're trying to determine what the requirements
> of
> > *his* mail server are, because that drives whether a physical server is
> > required.
> >
> > There may be a security requirement such as "no AES key leakage to other
> > tenants". In this case, he may not be able to use a VM. There are people
> in
> > the crypto community who believe that any system that needs secure crypto
> > should not be virtualized.
> >
> > Again, I'm trying to gather what the requirements are before stating what
> > the solution is.
> >
> > --
> > Louis Kowolowski                                louisk at cryptomonkeys.org
> > Cryptomonkeys:
> > http://www.cryptomonkeys.com/
> >
> > Making life more interesting for people since 1977
> >
> > _______________________________________________
> > PLUG mailing list
> > PLUG at pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>



More information about the PLUG mailing list