Finally, somewhere in these documents there is a statement regarding the
advisability of including the content encryption key encrypted in the
originator's public key, but despite rereading the documents multiple
times I can't find that text again. As I recall, the text said that this
SHOULD be done....
Given that anyone who wants to re-read their own messages will keep a copy
stored locally, why on earth would they go through the complex encrypt->
decrypt process just to read what they've written? I think even the presence
of SHOULD is too restrictire for this,
...
Anyone who
needs sent-mail revocation and whatnot desperately enough can go use X.400
for their mail.
Not quite right. If you're using (for example) Outlook, the message
that's stored in your Sent Mail box is the message that was actually
sent. You need to have encrypted it to yourself to be able to read
it subsequently.
William