CDR: Re: SF Internet self-defense course
At 01:11 PM 8/29/00 +0200, Tom Vogt wrote:
Tim May wrote:
are you required to provide your private keys to an enemy (e.g. someone who is suing you) ? .. I expect 95% or more of all encryption is done at the transport layer, i.e., for transmission. Most people, I surmise, keep their original compositions in unencrypted form and their decrypted transmissions in that form, too. The perceived threat model is for interception by ISPs, snoops, and government agencies.
that's where good software comes in. mutt, for example, stores the received encrypted mail - well, encrypted. decryption is done when you view the mail. also, encrypted mails you send are encrypted twice - once with the recipient's key and sent to him, once with your key for your "outbox" archive.
The Eudora PGP Plug-In deliberately decrypts received mail and stores it unencrypted, specifically to discourage the "You must escrow your private keys so we can decode your plaintext" attacks that the FBI/NSA/WhiteHouse anti-crypto mafia were pushing a couple of years ago. That's a different issue from storing your mailbox in a PGPdisk volume or some other encrypted filesystem or having the mail decryptor re-encrypt for storage with a different key (which wouldn't be that hard, since you could use a different public key to encrypt the session key and leave the symmetric-encrypted part of the message alone.)

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
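The re-encryption for storage described in the message above, as an added example that is not part of the original post and is not PGP's or any mail client's own code: only the wrapped session key is replaced, while the symmetric-encrypted body is reused byte for byte. Textbook RSA over fixed Mersenne primes and a SHA-256 keystream are toy stand-ins for the real public-key and symmetric ciphers, and every name here is an assumption.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keypairs

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes (illustration only: no padding, tiny keys)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(pub, session_key):
    n, e = pub
    return pow(int.from_bytes(session_key, "big"), e, n)

def unwrap(priv, msg):
    n, d = priv
    return pow(msg["wrapped_key"], d, n).to_bytes(16, "big")

def encrypt(pub, plaintext):
    """Hybrid message: public-key-wrapped session key plus symmetric body."""
    session_key = secrets.token_bytes(16)
    return {"wrapped_key": wrap(pub, session_key),
            "body": keystream_xor(session_key, plaintext)}

def decrypt(priv, msg):
    return keystream_xor(unwrap(priv, msg), msg["body"])

def rewrap_for_storage(transport_priv, storage_pub, msg):
    """Replace the key packet only; the symmetric body is never decrypted."""
    session_key = unwrap(transport_priv, msg)
    return {"wrapped_key": wrap(storage_pub, session_key), "body": msg["body"]}

# Constructed keypairs: one for mail in transit, one for the local archive.
TRANSPORT_PUB, TRANSPORT_PRIV = toy_keypair(2**127 - 1, 2**89 - 1)
STORAGE_PUB, STORAGE_PRIV = toy_keypair(2**107 - 1, 2**61 - 1)
```

After the re-wrap, the transport private key alone no longer opens the archived copy, so the two keys can be held and disclosed separately.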