Robert J. Hansen rjh at
Fri Jan 16 18:12:40 CET 2015

> One of the things I find unfortunate about OpenPGP encryption is that
> the subject of a mail is not encrypted and signed.

This is a total nonissue.  Give each new thread a nonsensical name:
contents of a subject line are rarely of interest: rather, what's of
interest is that one message belongs to the same thread as another
message, and for that purpose a randomly-chosen identifier works quite
well.  To demonstrate this, I've changed the subject line of this email:
I think you'll find it's very easy to keep threading and so forth
intact, despite the fact the subject line is now content-free.

If your subject lines are sensitive material, then you're doing it wrong.

Further, the entire reason why the subject lines are not
encrypted/signed is because they belong to email metadata, which OpenPGP
doesn't touch.  Protecting metadata is a hard topic.  Rather than come
up with an ad-hoc method that protects one single metadata field, I'd
rather see a solution that protects all metadata.

> This is imho very bad from a usability point of view and also not 
> really neccessary, because there are ways this could work without 
> changing too much about the way pgp mails work.

Take a look at the Enigmail source code, please, before opining about
how your proposal would not necessitate much change to how email
processing works.  Until/unless you've done that, you don't have an
opinion worth listening to on the subject.

> What I have in mind is something like this: Whenever a PGP mail app 
> creates a mail it replaces the subject with a defined keyword. This 
> could be something trivial like "__ENCRYPTED_SUBJECT__". It then 
> places a Subject line inside the encrypted mail body. This is 
> followed by two newlines and then the real encrypted body of the
> mail follows.

It breaks threading.

> What do people think about it?

I think it's a bad idea.

> Is this the right place to discuss it?

As right as anyplace is.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20150116/c99a70b5/attachment-0001.bin>

More information about the Gnupg-devel mailing list