meaningful and confidential subject lines in messages using pgp
sen_ml@eccosys.com
Thu, 10 Feb 2000 11:58:56 +0900
based on a description from Sotiris Vassilopoulos, i have tested and
found the following method to work fairly well. (i believe the
explanation below is just a rephrasing of the original description,
but i am not quite sure.)
meaningful and confidential subject lines in messages using pgp
---------------------------------------------------------------
some email clients have the ability to do mime-attachment of existing
messages to newly created messages. also, certain clients have the
ability to "burst"/"extract" messages that "contain" messages. using
both of these mechanisms and pgp/mime, it should be fairly easy to
prevent subject information leakage, yet provide the receiver of a
message the convenience of a meaningful subject line. w/ additional
(hopefully) minor modifications to mail clients, it should be possible
to make this process easier on the user.
to create a subject-confidential message:

  1) create a message which you wish to keep confidential -- use a
     non-bogus subject line, and don't encrypt this message.
     let's call this message A.

  2) create another message using a subject line that is blank, bogus,
     or prespecified (so a mail client can know what to do w/ the
     message?). to this new message, mime-attach message A from
     step 1). using pgp/mime encrypt and optionally sign the result.
     let's call this message B. note that the attached message
     (message A) is also encrypted.

to read a received message created in the above manner:

  1) decrypt the received message (message B). there should now be a
     decrypted mime attachment (message A).

  2) "burst"/"extract" the mime attachment (message A) out of the container
     message (message B).

  3) the "container" message can be disposed of or kept depending on
     a user's security preference.
i ran a test w/ the mail client (mew) i am using and it worked just fine.
some observations:

  -this worked in a few tests, but it would be nice if creating and
   reading such messages was a lot more automatic (read "mail client
   support").

  -it would be possible to decide to use a fixed subject string for
   message B such as "Encrypted Mail Follows" (cf. urn:ietf:rfc:1421 PEM).
   mail clients could support the functionality of automatically
   extracting "message A" (or asking the user for permission to do
   so), upon reception of a message w/ the fixed subject line.
   i'm not a big fan of automatic processing like this due to security
   concerns, but at least at first glance it doesn't seem bad (famous
   last words!).

  -at least one mail client that i know of has the ability to be on the
   look-out for replying in plaintext to a message that was encrypted.
   if the "container" message is discarded and the user were to reply to
   the contained message, then it might be harder to provide this kind
   of functionality w/o tracking the history of origin of messages
   separately from the actual messages themselves. food for thought.
in an exchange on this subject on another list, i was pointed at
rfcs 1421 (pem), 2633 (s/mime v3), and 2634 (enhanced security
services for s/mime) when i asked about hiding the subject line.
i've started reading those rfcs, but i was under the impression that
they were orthogonal to the use of pgp and pgp/mime. can anyone
confirm or deny? (and perhaps suggest where i might find a gentler
intro to those subjects?)
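
The wrap and burst steps described in the message above, as an added example that is not part of the original post and not code from mew or any other mail client. It uses Python's standard `email` package; the function names, addresses and text are constructed for illustration, and the pgp/mime encrypt and decrypt of message B's body is assumed to be done by the mail client or gpg and is not performed here.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

FIXED_SUBJECT = "Encrypted Mail Follows"  # fixed string suggested in the post

def make_message_a(sender, rcpt, subject, body):
    """Creation step 1: the real message, with its meaningful subject line."""
    a = EmailMessage()
    a["From"], a["To"], a["Subject"] = sender, rcpt, subject
    a.set_content(body)
    return a

def make_container_b(a):
    """Creation step 2, before encryption: B carries A as message/rfc822."""
    b = EmailMessage()
    b["From"], b["To"] = str(a["From"]), str(a["To"])
    b["Subject"] = FIXED_SUBJECT  # the only subject left outside the body
    b.set_content("the real message is attached.")
    b.add_attachment(a)  # a Message object is attached as message/rfc822
    return b

def cleartext_headers(b):
    """Headers of B that stay outside the encrypted body."""
    return {k: str(v) for k, v in b.items()
            if not k.lower().startswith(("content-", "mime-"))}

def burst(decrypted_b):
    """Reading step 2: pull message A out of the decrypted container bytes."""
    b = message_from_bytes(decrypted_b, policy=policy.default)
    for part in b.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)  # the embedded message A
    raise ValueError("container holds no message/rfc822 part")

if __name__ == "__main__":
    # constructed sample addresses and text
    a = make_message_a("alice@example.org", "bob@example.org",
                       "merger terms, draft 3", "see section 2.")
    b = make_container_b(a)
    print(cleartext_headers(b))            # what stays visible in transit
    print(burst(b.as_bytes())["Subject"])  # what the receiver gets back
```

The From and To headers of B remain in cleartext either way; only the subject and body of message A move inside the part that pgp/mime encrypts.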