Encrypting / Signing the mail subject?

Karsten Düsterloh mnyromyr at tprac.de
Fri Jan 16 19:22:00 CET 2015

[topic reconstructed]

Robert J. Hansen wrote:
>> One of the things I find unfortunate about OpenPGP encryption is 
>> that the subject of a mail is not encrypted and signed.
> This is a total nonissue.  Give each new thread a nonsensical name: 

It's just a bad workaround.
Many people (including me) feel it's an unnecessary technical burden.

> The actual contents of a subject line are rarely of interest:


> rather, what's of interest is that one message belongs to the same 
> thread as another message, and for that purpose a randomly-chosen 
> identifier works quite well.

Message-ID: and References: work even better.

> If your subject lines are sensitive material, then you're doing it 
> wrong.

No, the protocol is broken.
Or rather, if it's too easy to leak data, it should be fixed.

> Further, the entire reason why the subject lines are not 
> encrypted/signed is because they belong to email metadata, which 
> OpenPGP doesn't touch.

Hence it should evolve.

> Protecting metadata is a hard topic.

The way email currently works, you can't avoid having any headers
because they're used in transportation/logging.
But headers can be split into at least two groups:
- used/created in transport
  (like Received:, To:)
- solely passed through from sender to recipient
  (like Subject:, References:)
There may be edge cases (do MTAs need to know about certain headers just
because they use it for spam filtering?), but it should be possible to
protect sensitive end-to-end-headers.

> Rather than come up with an ad-hoc method that protects one single 
> metadata field, I'd rather see a solution that protects all 
> metadata.

Yes, insofar that "all" is probably impossible.

>> What I have in mind is something like this: Whenever a PGP mail
>> app creates a mail it replaces the subject with a defined keyword.
>> This could be something trivial like "__ENCRYPTED_SUBJECT__". It
>> then places a Subject line inside the encrypted mail body. This is
>> followed by two newlines and then the real encrypted body of the 
>> mail follows.
> It breaks threading.

Wrong, in this generality.
Threading by subject is broken by design anyway.
But artificially making all subjects the same is making things even
worse, yes.

Brainstorming, I'd rather extend the PGP sections by a private,
encrypted header section. Compliant agents would then put sensitive
(non-transport) headers there and remove them from the normal headers
(if allowed by usual RfCs). A compliant recipient agent would restore
those when displaying the decrypted message.
Or something along that line.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150116/1c157c5a/attachment.sig>
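
Added example (not part of the original post, and not GnuPG code): a sketch of the private header section brainstormed above, showing the sender-side split and the recipient-side restore. The PROTECTED set, the function names and the sample message are assumptions; OpenPGP encryption of the inner plaintext is left out, and ignoring outer copies of protected headers on restore is a choice made here, since those travel unauthenticated.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# End-to-end headers taken from the post's examples; the exact set is an assumption.
PROTECTED = {"subject", "references"}

# Constructed sample message (not real traffic).
RAW = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Message-ID: <m2@example.org>\n"
    "References: <m1@example.org>\n"
    "Subject: Quarterly numbers\n"
    "\n"
    "Meet at the usual place.\n"
)

def protect(msg):
    """Sender side: split msg into (outer message, inner plaintext to encrypt)."""
    outer = EmailMessage()
    inner_headers = []
    for name, value in msg.items():
        if name.lower() in PROTECTED:
            inner_headers.append(f"{name}: {value}\n")
        else:
            outer[name] = value          # transport headers stay visible
    # Private header section, a blank line, then the real body.
    inner = "".join(inner_headers) + "\n" + msg.get_content()
    return outer, inner

def restore(outer, inner):
    """Recipient side: rebuild the displayed message from outer + decrypted inner."""
    private = message_from_string(inner, policy=policy.default)
    shown = EmailMessage()
    for name, value in outer.items():
        # An outer Subject:/References: could have been added in transit: drop it.
        if name.lower() not in PROTECTED:
            shown[name] = value
    for name, value in private.items():
        if name.lower() in PROTECTED:
            shown[name] = value
    shown.set_content(private.get_content())
    return shown

def sample():
    """Parse the constructed sample with the modern email policy."""
    return message_from_string(RAW, policy=policy.default)
```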
