Encryption is invariably the solution when discussing Internet security and how to keep information private. Encryption is used in IPsec and TLS, as well as many application layer security protocols. However, encryption of the protocol data units (whether they are IP datagrams or TCP segments) protects the data encapsulated within those protocol data units only when they are in transit. Once the packet or segment arrives at its destination, the data within is decrypted. Even if encryption were applied at the application protocol layer, with SMTP, IMAP, or POP doing the encryption and decryption as the data containing the message is transferred from one host to another, the data would still be decrypted by each server before being re-encrypted and passed along to the next server. The solution to the problem of how to protect Internet message privacy is to bypass the protocols and encrypt the message itself. However, lower-layer protocols are still valuable even when the message is encrypted. Although the message (actually, the message body) is encrypted, the message headers must still be in plain text. Thus, traffic analysis may be brought to bear on the message if it is transported openly across an open network. Attackers can determine who is sending the message and who is receiving the message, and they can read any headers that are included with the message. Later in this chapter we discuss several approaches to Internet message encryption.