Memory Hole protected e-mail headers

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jul 31 21:31:42 CEST 2015


Hi folks--

Several of us have been talking about how to protect e-mail headers, in
the way that we currently can protect e-mail bodies.  The working name
for this approach is "Memory Hole".

We've made quite a bit of progress over the last few weeks, and i wanted
to encourage more people to get engaged with it.  Work is ongoing --
we're not anywhere near "done" -- but we want more eyes to make sure
things are working right.

 https://modernpgp.org/memoryhole/
 https://github.com/ModernPGP/memoryhole/

If you're an implementor of a Mail User Agent (MUA) that handles or
generates OpenPGP-signed or -encrypted messages, we want to make sure
this makes sense to you.

And if you're a user of any MUA (even ones that don't do OpenPGP at
all), you can contribute by trying to load our example corpus into your
MUA and sending us screenshots of how the messages render (or don't) for
you.

What we've got:

 * a description of how protected headers are structured, and how to
   interpret them

 * rough guidance on how to generate different forms of these messages.

 * a corpus of e-mails that conform or don't conform to the standard.
   we want people to try these (both in memoryhole-aware and
   non-memoryhole-aware MUAs) and make sure they look/behave as
   expected.

If you have ideas, please send and discuss here on gnupg-devel (if it
gets too noisy, we'll spin off a separate mailing list).  If you have
patches, you can send them here, send them to me privately, or prepare
them as pull requests on github.  If you have screenshots, i think
they'll probably be too large for the list here: if you can post them
someplace and send a link to them on the list, or send them to me
privately, i can import them into our screenshot database.

Happy hacking,

      --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: </pipermail/attachments/20150731/51d42277/attachment.sig>


More information about the Gnupg-devel mailing list