And that is the bit that got Lavabit in trouble… storing plain text emails encrypted on the server. The provider shouldn’t be able to read them.
Here’s my solution:
SSL/TLS in transit
PGP/GPG encrypted bodies
Encrypted storage on the server with no backdoors