Am Mittwoch, den 16.03.2005, 01:46 -0800 schrieb Jon Callas:
Something that would help those of us doing crypto and IMAP would be
for IMAP to be less fussy about message size.
[...]
It would be very usefull, for me at least, if you could re-state your
use-case here. I'm getting the impression that I'm missing something
fundamental.
I'm always reading about server-side decryption. Some people seem to
see it as a solution for the "one big chunk of ciphertext" problem. I'm
not sure what else it would be good for.
For me, server-side decryption is a nightmare. Pure and evil.
It conflicts with my beliefs about how an end-to-end crypto solution
should work. Its not a solution, its a kludge and I'd much rather
address the *real* problem.
The server is completely untrusted. Much too much of my personal data
is on other's servers already. Organizations or people, who might have
different priorities in protecting it than I have. Thats why I use
end-to-end encryption when it matters.
If people say, adressing the real problem would require influencing the
senders behaviour, and we can't do that, and so we need a work-around
now -- fine. I can understand that. But still, shouldn't that prompt
us to think about wether we *need* to be able to influence the senders
behaviour in more ways than we can now?
P.S. Regarding IMAP and message sizes: If I get an encrypted message,
the size of the attachment *is* the message size. That decryption
yields a different size doesn't matter because it occurs on the client,
after download.
Regards
--
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff