don't use encrypt to self (Re: legislating the impossible?)
David Parkinson
dparkins at alien.bt.co.uk
Mon, 06 Jul 1998 09:56:47 +0100
At 16:54 05/07/98 +0100, Adam wrote:
<snip>
>The problem with `encrypt to self' is that it places access to
>ciphertext on my disk under the control of a third party -- the
>sender. What's more I have no idea what precautions the sender takes
>of their key or passphrase -- they might not have a passphrase, or
>have it written on a sticky note on the side of their screen, and they
>may be using a multi user unix system.
I think you meant "recipient" - after all you're the sender!
Not being a PGP user I'm happy to be corrected, but I assume "encrypt
to self" means you add your own email address to the list of recipients.
This means that the message header includes a field that you are
able to decrypt - and hence recover the symmetric session key that
protects _that_ message.
Some of the follow-on replies I think missed the detail of what is
going on here.
>The reason I call encrypt to self a misfeature is because it sends an
>additional door into the plaintext over the internet when there is no
>technical reason to do so.
Does it? I'll admit it does send another copy of the session key,
but this has been encrypted with _your_ public key. Is this really
a problem?
The misconception that appeared to be in some of the follow-ups was
that doing this blew your local system wide open. In fact it doesn't
really change the status quo. The person(s) who received the session
key that is protecting message X on your system also received the
plain text for message X - therefore the content of this data is
already compromised(?). Using what they have (the session key for
message X) does not help them access message Y on your system (unless
they were already a recipient of Message Y - or your session key
generation is knackered!).
>If the sender wishes to keep a copy the software should keep a
>copy in plaintext or should keep a copy encrypted with the sender's
>own keys locally -- by sending an additional door into the data over
>the internet he is adding additional, and entirely unnecessary, risk.
I agree that local archiving/protection should be totally separate to
mail and coupling it to "encrypt to self" does present a long term
key management problem. I see nothing wrong with "copy to self" as
a short-term way of recording what you type in your mailer - but you
need a proper underlying strategy for archiving and for "local"
protection of what you have stored on your workstation/PC.
David
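
An added example, not part of the original post and not PGP's own code: a toy hybrid scheme showing the message layout the thread discusses, with one fresh session key per message wrapped once for each recipient key. Textbook RSA over small Mersenne primes and a SHAKE-256 XOR stream are insecure stand-ins chosen for brevity; the names `sender`, `recipient`, `msg_x` and `msg_y` are hypothetical.

```python
# Added illustration: toy hybrid encryption, NOT real PGP and not secure.
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Textbook RSA key from two known Mersenne primes (toy sizes, no padding)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def xor_stream(key, data):
    """Toy symmetric cipher: XOR with a SHAKE-256 keystream derived from key."""
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(plaintext, recipients):
    """Fresh 128-bit session key per message, wrapped once per recipient key."""
    session_key = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    return {
        "wrapped": {name: pow(k, E, key["n"]) for name, key in recipients.items()},
        "body": xor_stream(session_key, plaintext),
    }

def unwrap(msg, name, key):
    """Recover the session key from this key holder's header entry."""
    return pow(msg["wrapped"][name], key["d"], key["n"]).to_bytes(16, "big")

# Constructed keys for the two parties.
sender = keypair(2**107 - 1, 2**89 - 1)
recipient = keypair(2**127 - 1, 2**61 - 1)

# Message X: encrypted to the recipient and to the sender ("encrypt to self").
msg_x = encrypt(b"message X", {"recipient": recipient, "sender": sender})
# Message Y: encrypted to the recipient only.
msg_y = encrypt(b"message Y", {"recipient": recipient})

def demo():
    key_x = unwrap(msg_x, "sender", sender)  # the extra header entry
    key_r = unwrap(msg_x, "recipient", recipient)
    return {
        "sender_reads_x": xor_stream(key_x, msg_x["body"]),
        "recipient_reads_x": xor_stream(key_r, msg_x["body"]),
        "x_key_on_y": xor_stream(key_x, msg_y["body"]),
        "y_has_sender_entry": "sender" in msg_y["wrapped"],
    }
```

The sender's header entry opens message X only; the session key recovered from it does not decrypt message Y, which carries no entry for the sender at all.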