Hi Bill,
--On Friday, March 11, 2005 05:15:02 PM -0800 Bill Frantz
<frantz(_at_)pwpconsult(_dot_)com> wrote:
I understand, from Derek's draft minutes of the OpenPGP meeting, that the
problem is that the remote client is in a low-bandwidth environment, such
as a cell phone. I understand this statement to mean that the
communication link is low bandwidth. However, PGP encrypted messages are
close to the size of the corrisponding plain text, so I don't see how
having an IMAP server decrypt the message is going to help.
If, on another hand, the remote client is limited in CPU power, this
system seems to place the largest CPU load, the public key operation to
extract the plain text key, on the client, and the relatively low CPU
load of the private key operations to decrypt the message on the IMAP
server.
I conclude from this reasoning that I don't understand the problem.
Could you please explain.
Consider the case of a message with a small text part and a large
attachment. On your mobile device you might want to only read the text
without paying the penalty of downloading the attachment. If the message
data is unencrypted the client can use the IMAP protocol to download only
the text part. However, if the message is encrypted in one single
multipart/encrypted part, then the client has to download all the data in
order to decrypt and extract only the text.
A better solution would be to have the message decrypted on the server and
stored in its unencrypted form with multiple parts - then the client can
fetch just the text.
Same principal applies for a message that is only signed, and the mobile
device wants to read only the text part, but verify the signature.
There are similar considerations for the client when it wants to create a
signed or encrypted message with parts that already reside on the server.
--
Cyrus Daboo