Memory Hole discussion / OpenPGP e-mail header protection
Werner Koch
wk at gnupg.org
Wed Jun 24 15:26:53 CEST 2015
On Fri, 19 Jun 2015 17:27, bre at pagekite.net said:
> 7. Compatibility concerns:
> 1. What breaks if we obscure the To / From / Cc / Reply-To / Errors-To / ...
Spam filter and general procmail rules. When running procomail (or
whatever you guys use these days) on the client there will be a need for
unattended decryption. This raises the same security concerns as those
with Enigmail's auto decryption.
> 2. What breaks if we obscure the References: and In-Reply-To: headers?
Threaded display (unless auto decrypted)
> 3. What breaks if we obscure the Message-ID?
I don't see a problem here. The Message-id is only used locally and
there should be no problem to use the replacement Message-ID. In fact
there is no need for an encrypted Message-ID. If a MUA requires an
authenticated Message-ID it may also use a hash of the signature
instead.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list