At 10:06 PM 6/9/97 -0400, Marc Horowitz wrote:
To me, mail encryption is not communications encryption. The mail message is encrypted, just like a file might be. Then those encrypted bits are sent over the net. It is precisely because I have access to the ciphertext as a separate entity that this is not communications encryption.
An interesting perspective, but I don't know that it works. For this to make sense, either the business needs to have access to the stored received email if the user gets run over by a police car, or else the business needs to know that it doesn't _need_ access - either because the mail isn't business related, or because the business-related parts have been transferred to other systems using a convenient user interface. On the other hand, if receiving email with encrypted attachments is _in_convenient to store in a mail system, maybe it will help encourage people not to use that mail system for storing messages, or to junk the mail system entirely :-) (I'm thinking here of systems like IBM PROFS and Microsoft Mail, which both encourage storage in their monolithic mailboxes.
The *only* reason to escrow communications keys is to spy on people; there is never an opportunity for data loss here. Yeah! (Actually, the other reason to escrow them is because you're using the same keys for communication and storage, and you have potentially decent business reasons for backup of storage keys, but that's only the case if you're not using a sufficiently flexible cryptosystem and are using key backup instead of data backup, which is really the preferred approach anyway.)
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)