John Hasler <jhas...@newsguy.com> writes: > Do you really need to archive each message in individually encrypted > form? If you are concerned about the security of local copies I would > think you would already be using disk or file system encryption.
No, I am OK with keeping unencrypted local copies, at least on my home machine. I only expect "pretty good" privacy over the pipes, not "protection from an FBI home raid" privacy for local copies of my email. (I don't use disk encryption but probably should.) The issue is simply: what's the best way to do this? My setup uses offlineimap to sync a Gmail account (berkeley.edu's institutional choice...) to a local Maildir. Mutt only temporarily decrypts messages when I read them, unless I manually store an unencrypted copy somewhere. So to accomplish the suggested setup conveniently with the programs I currently use, I think I would need to: 1) Tell Mutt to automatically save messages somewhere when I decrypt them. (Is there an option for this? I only see fcc_clear, which is for outgoing messages. Should I call decrypt-save from message-hook?) 2) Tell offlineimap *not* to sync the decrypted messages folder back to Gmail. (Easy enough with offlineimap filters.) 3) Tell notmuch to index the decrypted messages folder. (Again, should be easy enough.) Does that sound reasonable? Do others have similar setups? I find it sort of telling that I didn't come across recommendations for setting things up this way when I was configuring these programs. I'm a bit surprised that there doesn't seem to be a "standard" solution for reading and searching archived mail that arrived encrypted. (I'm also a bit dismayed, since part of my concern is to find a solution that doesn't just work for me, but to which I can point non-technical users when I ask them to send me encrypted messages.) It still feels very much like email encryption is possible for the dedicated, but inconvenient enough for the average user -- and even for fairly technical users -- that most will avoid it. I guess I'll try to write up a blog post about how I solve these problems, once I get a working configuration. A more comprehensive solution will have to await someone more talented than me. -- Best, Richard -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87k3l8ddol....@berkeley.edu