> Better yet, the MUA should just automatically generate a local
> self-signed cert before saving the message in the Sent folder.
This is an exceptionally good idea! Just be sure that if this is the first time a keydb password is needed, and the user is therefore prompted to pick one, the password prompt is clear and opportune. I remember seeing the single sign-on demos a few years ago and thinking that the initial database password prompt came at a very confusing time. _I_ knew what was going on, but a first-time user would be lost.

Musing further: perhaps if the user clicks "cancel" on the password prompt -- declining to choose a password -- he should be given the choice of either having no password for the db, or just not filing a copy of this message in the Sent folder.

(Note that a while back we spoke here about making it easy for a user to create a self-signed cert, for all the people who have no use for Recognized CAs but who are comfortable with fingerprints.)

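The step the quoted proposal describes, an MUA minting a local self-signed S/MIME cert on the user's behalf, comes down to a key pair, a certificate with the e-mail protection usage bits, and a fingerprint the correspondent can check out of band. The script below is an added example for this thread, not code from the original message or from any mail client; it assumes OpenSSL 1.1.1 or later on PATH (for -addext), and the function names, file names and addresses are illustrative. The optional passphrase argument models the two outcomes of the password prompt discussed above: with one, the private key is encrypted; without one, it is stored in the clear.

```shell
#!/bin/sh
# Added example: generate a local self-signed S/MIME certificate the way an
# MUA might before filing a message in Sent, then expose its fingerprint.
# Assumes OpenSSL >= 1.1.1 (for -addext). Names and paths are illustrative.
set -eu

# make_selfsigned_smime EMAIL OUTDIR [PASSPHRASE]
# Writes OUTDIR/key.pem and OUTDIR/cert.pem. Without PASSPHRASE the key is
# stored unencrypted (the "no password for the db" choice); with one it is
# encrypted under that passphrase.
make_selfsigned_smime() {
    email="$1"; outdir="$2"; pass="${3:-}"
    mkdir -p "$outdir"
    # Reuse the positional parameters to pass the key-protection option
    # without word-splitting a passphrase that contains spaces.
    if [ -n "$pass" ]; then
        set -- -passout "pass:$pass"
    else
        set -- -nodes
    fi
    # Subject carries the address; the SAN is what S/MIME clients match on,
    # and the EKU/keyUsage mark the cert as intended for e-mail only.
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 "$@" \
        -keyout "$outdir/key.pem" -out "$outdir/cert.pem" \
        -subj "/CN=$email" \
        -addext "subjectAltName=email:$email" \
        -addext "extendedKeyUsage=emailProtection" \
        -addext "keyUsage=critical,digitalSignature,keyEncipherment" \
        2>/dev/null
}

# cert_fingerprint CERTFILE
# Prints the colon-separated SHA-256 fingerprint, i.e. what a correspondent
# who has "no use for Recognized CAs" would compare over the phone.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# cert_has_email_eku CERTFILE -- true if the cert carries the S/MIME EKU.
cert_has_email_eku() {
    openssl x509 -in "$1" -noout -text | grep -q 'E-mail Protection'
}

# key_is_encrypted KEYFILE -- true if the PEM key is passphrase-protected
# (both PKCS#8 "ENCRYPTED PRIVATE KEY" and legacy "Proc-Type: 4,ENCRYPTED").
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Demo, only when run directly with SMIME_DEMO=1 so that sourcing the
# functions has no side effects:
#   SMIME_DEMO=1 sh selfsigned_smime.sh
if [ "${SMIME_DEMO:-}" = 1 ]; then
    dir=$(mktemp -d)
    make_selfsigned_smime alice@example.org "$dir"
    echo "cert: $dir/cert.pem"
    echo "SHA-256 fingerprint: $(cert_fingerprint "$dir/cert.pem")"
fi
```

The fingerprint is what makes the CA-free model workable: a self-signed cert carries no third-party assertion, so the only thing that binds it to a person is the recipient having confirmed that fingerprint through some other channel and pinned the cert afterward.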