[hueving]

>which is the reason you'll find very few soundly designed cryptosystems that do this.

Nearly every secure system I've dealt with (in the military side) encrypted at the network layer (VPN) and they sent encrypted files over that channel.

[tptacek]

Yes, because (as I just said), encrypting files mitigates systems problems outside the scope of the secure channel problem. A secure channel doesn't help you if the bag of bits you send down it ends up persisted on an exported, unencrypted filesystem.

That doesn't mean that redundant clientside encryption of files is a sensible feature for a secure channel to have.