MIME structure of encrypted mail and subkeys
Werner Koch
wk at gnupg.org
Tue Jun 30 17:38:29 CEST 2015
On Tue, 30 Jun 2015 16:41, bre at pagekite.net said:
> The subkey idea is an interesting twist on that, since it allows
> different security levels for different parts of the message. It feels a
> bit complicated, but it has potential. Very interesting!
Some media agin picked up the radioexp thing (CVE-2014-3591) from
February and for that a major enabler is the auto-decrypt feature of
some MUAs. This is why I conclude to better have a meta-data only key
compromised than the real content.
> Of course, as discussed in April, as soon as the message is broken up
> into multiple parts like this, we start to want a summary of some sort
> (a manifest), so you know whether you have the entire message or only
I did not attend the entire session so I am missing some details.
> This manifest doesn't need to be complicated. It could be something as
> simple as a few X-headers in the Memory Hole part, each header
> describing an expected MIME part (things like mime-type, filename,
This would inhibit one-pass processing.
What about a boolean flag manifest-in-next-part and have the Manifest in
that next part? With such a chain of Manifests you can read the message
MIME part by part and verify up to the part you have read:
Last-part: HASH, more=yes|no
This requires only limited amount of look-ahead while composing a
message.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list