
The government and its friends have tried for a while to convince the public that there's a great business market for access to keys by the Proper Authorities, whether bosses or cops. A number of us on the Pro-Privacy side have contended that this is wrong - the business need is for later access to stored files, not to encrypted communications keys and of course not to signature keys.

Having argued that point vociferously in the past, I'm now going to waffle on the issue - while the business need is for access to stored data, this may often include stored messages received from a communication system in encrypted form. Either the User Interface needs to make it convenient to store the decrypted message, or else the user will store the message in encrypted form - which means there may be a business need for Proper Authority Access later. This means, as {cypher,coder,ranter}punks, we need to address this problem when building crypto tools, to avoid building systems that create or sustain a business need for access to communication keys.

Some email systems really encourage you to save messages in one big hulking undocumented monolithic email box, with subfolders and databases and attachments and pointers, and some are a bit more friendly but still leave bits and pieces of MIME splattered on your disk. Some of the nicer tools I've used for encrypted file/mail handling make it convenient to take encrypted incoming mail, decrypt it, and either view it or save it to a file or clipboard. I've been using PGP Inc.'s PGP5.0 Eudora Plug-In, and it decrypts the mail into the mail message buffer itself. When you finish with that particular message (e.g. go to the next, or just close it), you get asked if you want to save the modified message, and if you say "yes" you'll have the decrypted message in your mailbox.
However, there's a negative about this - if you receive mail that's signed and encrypted, and save the modified version, it loses the signature information - so it may be more valuable to save the encrypted version...

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)