[dev] PGP support for IMP - A start...

[Michael M Slusarz]

On Tue, 26 Mar 2002, Michael M Slusarz wrote:

> 5.) Since I believe one of the purposes/goals of IMP is to have a fully
> featured client without ever needing shell access, this means that all PGP
> keys must be stored in the prefs framework.  This doesn't seem to be a
> problem with receiving messages since we are only using public keys (Keep
> all keys in a serialized field?).  We may have a problem with composition
> since this requires private keys - what kind of security concerns do we
> have with a preference framework for storing private information?  Leave it
> up to the user to decide with a warning message?
>

Look at me.  I'm already confused :)  I realize now my mistake - when
receiving messages, you need the passphrase for YOUR private key (since the
sender used your public key to encrypt it).  Thus, receiving messages
requires that your private key must be kept in the preferences.  Therefore,
this question is pertinent to my current task (instituting receiving
messages).

my bad.

michael