On Wed 2018-01-24 16:11:58 -0500, Jean-David Beyer wrote: > On 01/24/2018 10:17 AM, Neil D. Donovan wrote: >> 2) Automatic decryption of received encrypted emails to the folder on >> the email server > > If I were sending you an encrypted e-mail, I presume I wish you to be > able to read it, but I surely would not wanting you to share its > contents with anyone else. So if I knew you would even be storing the > decrypted version of my email anywhere else
I agree with this sentiment. Storing the cleartext (or cleartext-equivalent) on a remote untrusted server, or someplace that makes it easy to get to, seems like a bad idea, and a loss of end-to-end security that the sender is likely to expect. That said… > (or even on your own computer) i think this goes too far. Even in the most tightly-controlled end-to-end scenario, my own computer is going to see a cleartext version of this message. Whether my computer sees it briefly, or for a longer period of time, the local user's endpoint still has access to it. Given that there can be serious user experience wins from having a locally-cached cleartext copy (or the equivalent, e.g. an index), it seems like a bad idea to discourage people from using encrypted mail. wouldn't you rather that they have an incentive to use encrypted mail *more*, rather than falling back to cleartext? --dkg
signature.asc
Description: PGP signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net