don't use encrypt to self (Re: legislating the impossible?)

[Ian BROWN]

> I think you meant "recipient" - after all you're the sender!

If you send me a message encrypted to me and you, and I leave the ciphertext 
on my disk thinking it's only accessible by me, I'm wrong. It is as vulnerable 
to compromise of your key as it is mine.

> I'll admit it does send another copy of the session key,
> but this has been encrypted with _your_ public key.  Is this really
> a problem?

Yes, because the DTI now has two people it can subpoena rather than one. Or 
attackers have two systems they can breach rather than one. Remember the old 
security adage: defenders need to protect against every possible 
vulnerability, attackers need only find one.

Ian :D