You should define what your threat model actually is, and what specifically is the use case. Eg delegated decryption for email is very different than group chat.