On Wed 2018-01-24 16:11:58 -0500, Jean-David Beyer wrote:
> On 01/24/2018 10:17 AM, Neil D. Donovan wrote:
>> 2) Automatic decryption of received encrypted emails to the folder on
>> the email server
> If I were sending you an encrypted e-mail, I presume I wish you to be
> able to read it, but I surely would not want you to share its
> contents with anyone else. So if I knew you would even be storing the
> decrypted version of my email anywhere else

I agree with this sentiment.  Storing the cleartext (or
cleartext-equivalent) on a remote untrusted server, or someplace that
makes it easy to get to, seems like a bad idea, and a loss of end-to-end
security that the sender is likely to expect.  That said…

> (or even on your own computer)

I think this goes too far.  Even in the most tightly-controlled
end-to-end scenario, my own computer is going to see a cleartext version
of this message.  Whether my computer sees it briefly, or for a longer
period of time, the local user's endpoint still has access to it.

Given that there can be serious user experience wins from having a
locally-cached cleartext copy (or the equivalent, e.g. an index), it
seems like a bad idea to discourage people from using encrypted mail.
Wouldn't you rather that they have an incentive to use encrypted mail
*more*, rather than falling back to cleartext?



enigmail-users mailing list