Ahhhh, now if one could implement a message that self- destructed on the recipient's machine, that would start to improve security against the above outlined threat. I've toyed with the notion of integrating contracts negotiation into clients, such that mailers automatically delete messages agreed earlier to have a TTL.
That's been done, by "Disappearing Inc". www.disappearing.com/ says they're now owned by Omniva.
The proprietor gave a talk at a Cypherpunks meeting some years ago, after they'd done a big Scannelly splash in USA Today. He started out by identifying the problem he was trying to solve, which is for routine document destruction - a cooperating sender and receiver want to know that their message will disappear after some time if neither of them tries to make other copies or work around the system; the problem of making a truly non-copyable system is snake oil that he wasn't going to try to sell.
The system creates a session key and a cookie, which it sends to a policy server, encrypts the message with the session key, and includes the cookie and encrypted message in the email.
The recipient's mail client handles and stores the encrypted message, and when the recipient wants to read it, he runs a Disappearing Inc. crypto client which sends the cookie to the policy server, gets the session key, and decrypts the mail in a viewer program.
After whatever timeout the sender specifies, the policy server deletes the key and cookie, so the recipient can no longer decrypt the message. Originally the business model was that Disappearing Inc. ran the policy server, and it was accessible using https or whatever, but they later also started selling servers to customers.
The system obviously doesn't stop the recipient from screen-scraping the message (don't remember if it supported cut&paste), but it's designed for the Ollie North problem "What do you mean the email system backs up all messages on optical disk? I thought I deleted the evidence!" or the business equivalent (anti-trust suit wants all your correspondence from the last 17 years.)
It's not a perfect system - courts can order the policy server not to delete any data, for instance - but any data that has been deleted before then has really been deleted, assuming the policy server's disk isn't also backed up on optical. And Ed Gerck gets to know that his message was transmitted with adequate encryption under control of the sender.
Bill Stewart [EMAIL PROTECTED]
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]