List:       kmail-devel
Subject:    Re: Save own PGP-encrypted mail unencrypted
From:       Michel Bouissou <michel () bouissou ! net>
Date:       2001-10-29 21:56:34

Daniel Seifert wrote:

> in August I issued a "wish" which I personally think to be very
> important. With kmail 1.3.1 it is still not possible to store mails
> unencrypted, causing an effective loss of data in the future.
> 
> Please consider my wish again, it should be fairly easy to implement.
> For your convenience I've attached my message below.

I _very_strongly_disagree_ with the idea of storing encrypted mail in an 
unencrypted form in an email software, KMail or otherwise.

This would make a huge security risk to have confidential messages available 
in clear on the local system.

Even Microsoft software doesn't store encrypted mail in the clear...!

KDE does store the mails in the state in which it receives or sends them, 
encrypted or not, and this is the good way to go and keep going.

Furthermore, keeping the messages in their original state is the only way in 
which message signatures can be verified later if needed, proving the origin 
and authenticity of a message (non-repudiation, etc.)

The "effective loss of data in the future" argument simply makes no sense to 
me.

It is the responsibility of the user to keep his own secret key safe, so he 
can use it anytime to decrypt his messages in the future.
Should the user fear he might be unable to decrypt some of his mail later in 
the future, he should copy the decrypted version of the messages in a place 
of his choice, preferably safe, under his own responsibility.

I have some mails or files that I encrypted years ago with PGP 2.x, and even 
though I've forgotten about them ;-) I know I would be able to decrypt them 
anytime because I take great care of keeping the necessary keys and a copy of 
a suitable software version.

Should a user experience a "loss of data" because he someday loses his key, 
passphrase, or decryption software, it would be the user's own fault.
It's not an e-mail software's job to back up encrypted files in the clear just 
because the user could be careless enough to lose his decryption keys.

That is simply NOT the email software's job.

Should KMail someday store encrypted mail in the clear, I would quit using 
KMail immediately, and I know many that would quit using it as well (or at 
the very least very loudly complain).

Best regards.

-- 
Michel Bouissou <michel@bouissou.net> OpenPGP ID 0x5C2BEE8F
_______________________________________________
kmail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
