Memory Hole discussion / OpenPGP e-mail header protection

Werner Koch wk at
Mon Jul 20 12:55:11 CEST 2015

On Mon,  6 Jul 2015 16:35, Alexander.Strobel at said:

> in my opinion. As colors might be displayed wrong (if you don't use
> something like web safe colors), there are some people outside which are
> color blind or live in a culture where the meaning of a color is

Tyre, but for the majority of users a colored frame is a good and easy
to grasp hint.  We do this in Kmail for about a decade and all tests
showed that it worked as expected.

I know that this is harder to do in Outlook.  But well, security aware
people won't use OL at all.

> Because of this I would prefer icons and/or a textual representation.

That is fine in addition to a different rendering.  Inline-icons and
strings are easy to fake, though.

> To implement this for PGP/MIME was our understanding too. We are able to
> read PGP/MIME without problems. Creating RFC conform PGP/MIME in
> contrast _is_ a problem for us, as Outlook/Exchange inserts an empty
> MIME part and destroys the content-type of the email and the first empty

Are you using MAPISecureMessage::GetBaseMessage ?  According to a telco
I once did with the Outlook dev team this and the AfterWrite event
allows to do perform any kind of message mangling without Outlook
kicking in.  We have not tested this due to the lack of funds, though.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list