Memory Hole discussion / OpenPGP e-mail header protection

Patrick Brunschwig patrick at
Wed Jun 24 13:06:59 CEST 2015

On 19.06.15 17:27, Bjarni Runar Einarsson wrote:

> Refinements discussed at GnuPG summit:
> 1. The spec should be clear on how to structure mail (so where the
> attachment goes, how many)
> 2. For ENCRYPTED mail:
>    1. When headers are MOVED from the normal header (for privacy), SOME should be made visible to users with older MUAs
>    2. Since only some headers are made visible, this implies two text/rfc822-headers parts:
>       1. One visible part, in-line at top of message,
>       2. A second attachment, containing non-critical headers
>    3. Any given header should only be present in one of the two parts; unambiguous rules desirable. Visible headers override invisible?
> 3. For SIGNED (not encrypted) mail:
>    1. All headers are visible; never MOVE headers
>    2. No backwards compatibility concerns - so only one attachment with secure headers
> 4. The text/rfc822-headers part, when an attachment, should be given a
> user-friendly name
> 5. How to present this in the user interface? Which headers are "secure"
> or "insecure"
> 6. Which headers should be protected by default? Which headers are only
> copied, which are moved?
> 7. Compatibility concerns:
>    1. What breaks if we obscure the To / From / Cc / Reply-To / Errors-To / ...
>    2. What breaks if we obscure the References: and In-Reply-To: headers?
>    3. What breaks if we obscure the Message-ID?
> Next steps:
> 1. Try implementing it, exchanging mail
> 2. Write up the spec, host the on modernpgp site?
> 3. Standardize?
> I've made progress on 1, but I have nobody to exchange mail with... any
> volunteers?

I'm currently working on this in Enigmail. I have a 70% implementation
for reading the RFC822-headers part; once I'll have completed with this,
I'll work on creating such messages.

I'll be very happy to have another mail client to try to exchange mails.
I expect to finish this in the next 3 weeks. I'll report back when I'm
ready for testing.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150624/2ab78061/attachment-0001.sig>

More information about the Gnupg-devel mailing list