[Recipient list trimmed somewhat]
"Robert R. Jueneman" <bjueneman(_at_)novell(_dot_)com> writes:
Finally, somewhere in these documents there is a statement regarding the
advisability of including the content encryption key encrypted in the
originator's public key, but despite rereading the documents multiple
times I can't find that text again. As I recall, the text said that this
SHOULD be done. I would argue that this should be changed to MUST, for I
can't imagine a situation where the originator of an encrypted message
would not want to be able to read his own message,
Given that anyone who wants to re-read their own messages will keep a copy
stored locally, why on earth would they go through the complex encrypt->
decrypt process just to read what they've written? I think even the presence
of SHOULD is too restrictire for this, it's purely a matter for the sender to
decide and doesn't really have any place in MSG - for the majority of users
all it'll do is double the number of keys available for attack. Anyone who
needs sent-mail revocation and whatnot desperately enough can go use X.400
for their mail.
Peter.