End to end security.

The Kolab Security Concept starts from the understanding that proven, tested and publicly reviewed technology is better understood and more secure than new, unproven and opaque solutions. It incorporates the knowledge that passwords are lost, laptops are stolen, and that providing more rewarding targets will bring about more resourceful attacks. Kolab therefore allows each client process to operate only with the authority and credentials of its user, protecting other users' data from a potentially compromised client. End to end security refers to the inner layer of security from one client to another, providing users with the safety that their mail – even if captured or intercepted on the server – is still protected by some of the best cryptography available.

Kolab was initially created for the needs of the German Federal Office for Information Security (BSI) by contract in 2002-2004 and has been used there in a heterogeneous production environment ever since. This origin led to a security-centric design with staged defence, from the graceful degradation of security on the server in case a single user's credentials have been compromised, to end-to-end security for the primary Kolab clients such as Kontact/KDE4 on GNU/Linux, Windows[1] and Mac OS X[2], as well as Outlook on Windows. A Kontact client for Windows Mobile and Maemo 5/6 will become available around the end of 2010.

All these clients provide state-of-the-art end-to-end security through the Kolab Crypto Stack: GnuPG, the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC 4880, and Kleopatra, the KDE-based certificate manager for OpenPGP and X.509 (S/MIME), for easy and comfortable administration of your keys and certificates.

Kolab incorporates proven components that have been designed by experienced professionals and tested by hundreds of thousands of users over many years, e.g. Postfix by IBM security expert Wietse Venema. The result is software that has been hardened and tested in many scenarios, resulting in a stable, reliable and secure solution for all users of Kolab.

Because the Kolab smart client aggregates your data from any number of Kolab servers, data is kept properly separated between different entities, such as your company, your business partners, and your family, preventing accidental disclosure and the chance of capture for all of your data at the same time.

This allows the same coordination mechanisms to be used across organizational boundaries, e.g. public bodies working with private entities or lawyers ensuring confidentiality for each of their clients.


1. Kontact for Windows is currently in beta state.
2. Kontact for Mac OS X is currently in alpha state.