[lost attributions, sorry]

...

I could do an ascii upload of my secret key and never expose my key to disk-storage.

This is even more dangerous than storing it on the disks of a multi-user machine. Unless you are running in a kerberos environment it is trivial to snoop your upload off the network...

I don't find the risk of a real-time snoop to be as bad as the risk of a future snoop finding my private key alongside encrypted files that have been stored forever (backups). To mitigate either problem, how about having two layers of encryption: a private key to decrypt files for reading on a public machine, and a second public/private pair to reencrypt the files for storage and transmission to the home machine. The public machine knows the first private key (if snooped) and the second public key; only the home machine knows the second private key. Snooping the first private key compromises only unread and future messages until the key is changed. Messages archived in the reencrypted state are secure, but messages archived in the unread state with the first private key are still compromised forever. Is backing up mail directories a common practice? Are there (probably system-dependent) ways to avoid backups, such as anticipating or detecting when backups are about to occur, hidden directories, file permissions, etc? Also, this system introduces some user hostility, in that reencrypted files cannot be read again until moved to the home machine. Another idea is to implement the relevant features of Kerberos in a high-level client/server package that can be used to secure personal network communications of this kind. The package could be distributed with PGP. Nick Szabo szabo@techbook.com