@delta
Re: scalable encryption
There must be a tradeoff between "every recipient gets its own cypher text" and "some parts are encrypted to recipient's own key, while others are same cypher text".
The second one allows for comparison at large providers and correlation.
I wonder about your thoughts/decisions in this tradeoff.