Encrypting / Signing the mail subject?

Hanno Böck hanno at hboeck.de
Sat Jan 17 15:26:46 CET 2015 

Hi,

On Fri, 16 Jan 2015 15:29:13 -0500
Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> despite the fact that the IETF's OpenPGP WG is closed, i think that
> openpgp at ietf.org mailing list is still active.  It may be worth
> discussing issues like this in that forum as well, to get a wider
> range of buy-in.

Okay, I've now subscribed there, we can move all follow-up discussion
there.

As for your proposal:

> What do you think?

I think it is superior to what I suggested (and the display in my
client is as you expected, it shows the headers above the mail).

I had hoped to solve this with very little complexity, but it turns out
there are probably more things to worry than first thought.

I like your idea of also signing the Date, which seems to make a lot of
sense, however that adds another layer of complication, because now we
have header fields that are hidden in the real mail headers (like
subject) and others that are duplicated in both headers.

What I worry is extending this to stuff that has technical meaning,
like threading info. I can't really see how a client app should handle
that. It wouldn't display the threading when the mail comes in because
it doesn't see it unless the key is unlocked with a password. Would the
messages then flip around once the key is unlocked?

I think we should at least for the start restrict the whole thing to few
headers where we have confidence that it won't create funny
sideeffects. Basically thinking about more headers is nice, but if it
makes the whole thing so complex it won't happen we don't win anything.


To sum up what we have by now:
* 1 very simple proposal by me and one more advanced one by DKG,
  details need to be worked out.
* A statement by Enigmal-dev Patrick Brunschwig that he'd consider
  implementing something like this if it's supported by other clients
  and/or is a proper standard.
* we move the discussion to the ietf openpgp list.

I'll try to reach out the endtoend-people, because most likely that'll
be one of the major other pgp mail implementors beside the
gnupg/enigmail combo.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150117/3b369c28/attachment.sig>

More information about the Gnupg-devel mailing list