Memory Hole discussion / OpenPGP e-mail header protection

Werner Koch wk at
Wed Jun 24 15:26:53 CEST 2015

On Fri, 19 Jun 2015 17:27, bre at said:

> 7. Compatibility concerns:
>    1. What breaks if we obscure the To / From / Cc / Reply-To / Errors-To / ...

Spam filter and general procmail rules.  When running procomail (or
whatever you guys use these days) on the client there will be a need for
unattended decryption.  This raises the same security concerns as those
with Enigmail's auto decryption.

>    2. What breaks if we obscure the References: and In-Reply-To: headers?

Threaded display (unless auto decrypted)

>    3. What breaks if we obscure the Message-ID?

I don't see a problem here.  The Message-id is only used locally and
there should be no problem to use the replacement Message-ID.  In fact
there is no need for an encrypted Message-ID.  If a MUA requires an
authenticated Message-ID it may also use a hash of the signature



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list