Encrypting / Signing the mail subject?
mnyromyr at tprac.de
Fri Jan 16 19:22:00 CET 2015
Robert J. Hansen wrote:
>> One of the things I find unfortunate about OpenPGP encryption is
>> that the subject of a mail is not encrypted and signed.
> This is a total nonissue. Give each new thread a nonsensical name:
> STEEL CAMELLIA, ARGENT LUNACY, NEPAL SUNSET, and so forth.
It's just a bad workaround.
Many people (including me) feel it's an unnecessary technical burden.
> The actual contents of a subject line are rarely of interest:
> rather, what's of interest is that one message belongs to the same
> thread as another message, and for that purpose a randomly-chosen
> identifier works quite well.
Message-ID: and References: work even better.
> If your subject lines are sensitive material, then you're doing it
No, the protocol is broken.
Or rather, if it's too easy to leak data, it should be fixed.
> Further, the entire reason why the subject lines are not
> encrypted/signed is because they belong to email metadata, which
> OpenPGP doesn't touch.
Hence it should evolve.
> Protecting metadata is a hard topic.
The way email currently works, you can't avoid having any headers
because they're used in transportation/logging.
But headers can be split into at least two groups:
- used/created in transport
(like Received:, To:)
- solely passed through from sender to recipient
(like Subject:, References:)
There may be edge cases (do MTAs need to know about certain headers just
because they use it for spam filtering?), but it should be possible to
protect sensitive end-to-end-headers.
> Rather than come up with an ad-hoc method that protects one single
> metadata field, I'd rather see a solution that protects all
Yes, insofar as "all" is probably impossible.
>> What I have in mind is something like this: Whenever a PGP mail
>> app creates a mail it replaces the subject with a defined keyword.
>> This could be something trivial like "__ENCRYPTED_SUBJECT__". It
>> then places a Subject line inside the encrypted mail body. This is
>> followed by two newlines and then the real encrypted body of the
>> mail follows.
> It breaks threading.
Wrong, in this generality.
Threading by subject is broken by design anyway.
But artificially making all subjects the same is making things even
Brainstorming, I'd rather extend the PGP sections by a private,
encrypted header section. Compliant agents would then put sensitive
(non-transport) headers there and remove them from the normal headers
(if allowed by usual RfCs). A compliant recipient agent would restore
those when displaying the decrypted message.
Or something along that line.
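Added example (not from the thread or from GnuPG): a sketch of the header split discussed above, moving end-to-end headers such as Subject: and References: out of the envelope and into the text that would be handed to the OpenPGP layer, with the receiving side restoring them after decryption. The protected-header list, the sample message and the placeholder subject (taken from the quoted proposal) are assumptions; no actual encryption is performed, the inner text stands in for the encrypted part.

```python
from email.message import EmailMessage
from email.parser import Parser
from email.policy import default

# Assumed set of end-to-end headers that transport does not need (lowercase).
PROTECTED = {"subject", "references", "in-reply-to"}
# Placeholder from the quoted proposal; keeps the outer Subject: non-empty.
PLACEHOLDER = "__ENCRYPTED_SUBJECT__"


def wrap_protected_headers(msg: EmailMessage) -> tuple[EmailMessage, str]:
    """Sender side: return (outer envelope with transport headers only,
    inner plaintext = protected header block + blank line + real body).
    The inner plaintext is what an OpenPGP layer would encrypt and sign."""
    inner_headers = []
    outer = EmailMessage(policy=default)
    for name, value in msg.items():
        if name.lower() in PROTECTED:
            inner_headers.append(f"{name}: {value}")
        elif not name.lower().startswith("content-"):  # reset by set_content
            outer[name] = str(value)
    outer["Subject"] = PLACEHOLDER
    inner = "\n".join(inner_headers) + "\n\n" + msg.get_content()
    outer.set_content(inner)  # stand-in for the encrypted MIME part
    return outer, inner


def unwrap_protected_headers(outer: EmailMessage, decrypted: str) -> EmailMessage:
    """Recipient side: rebuild the message for display. Only whitelisted
    headers are taken from the decrypted block, so the inner part cannot
    override transport headers such as From: or To:."""
    inner = Parser(policy=default).parsestr(decrypted)
    restored = EmailMessage(policy=default)
    for name, value in outer.items():
        if name.lower() not in PROTECTED and not name.lower().startswith("content-"):
            restored[name] = str(value)  # drops the placeholder Subject:
    for name, value in inner.items():
        if name.lower() in PROTECTED:
            restored[name] = str(value)
    restored.set_content(inner.get_content())
    return restored


def build_sample() -> EmailMessage:
    """Constructed sample message, not taken from the original thread."""
    m = EmailMessage(policy=default)
    m["From"] = "bob@example.org"
    m["To"] = "alice@example.org"
    m["Subject"] = "Q4 budget (confidential)"
    m["References"] = "<orig@example.org>"
    m.set_content("Numbers attached.")
    return m
```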