MIME structure of encrypted mail and subkeys

Werner Koch wk at gnupg.org
Tue Jun 30 17:38:29 CEST 2015

On Tue, 30 Jun 2015 16:41, bre at pagekite.net said:

> The subkey idea is an interesting twist on that, since it allows
> different security levels for different parts of the message. It feels a
> bit complicated, but it has potential. Very interesting!

Some media agin picked up the radioexp thing (CVE-2014-3591) from
February and for that a major enabler is the auto-decrypt feature of
some MUAs.  This is why I conclude to better have a meta-data only key
compromised than the real content.

> Of course, as discussed in April, as soon as the message is broken up
> into multiple parts like this, we start to want a summary of some sort
> (a manifest), so you know whether you have the entire message or only

I did not attend the entire session so I am missing some details.

> This manifest doesn't need to be complicated. It could be something as
> simple as a few X-headers in the Memory Hole part, each header
> describing an expected MIME part (things like mime-type, filename,

This would inhibit one-pass processing.

What about a boolean flag manifest-in-next-part and have the Manifest in
that next part?  With such a chain of Manifests you can read the message
MIME part by part and verify up to the part you have read:

  Last-part: HASH, more=yes|no

This requires only limited amount of look-ahead while composing a



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list