meaningful and confidential subject lines in messages using pgp

sen_ml@eccosys.com
Mon, 14 Feb 2000 11:25:35 +0900


thanks for the feedback.

johanw> Isn't it much easier in this case to choose a fixed subject
johanw> line like above and add another header like
johanw> X-Encrypted-Subject: which contains the subject, encrypted with
johanw> RSA or El Gamal? A mail reader can then ask for the password
johanw> once (or more if more secret keys are used), decrypt all these
johanw> subject lines and do it completely transparent.

here are some of my current thoughts about this idea:

  - assuming this were implemented, where does the information about
    which algorithm is used to encrypt the field value of
    X-Encrypted-Subject go?  it could be part of the field value, but then
    you'd have to define and parse the field value.  i hope you would agree
    that deciding on a fixed algorithm for the purpose of protecting subject
    contents is not desirable.

  - if you want to sign the contents of the meaningful subject, where does
    the signing information go and what is the signature algorithm and
    format?  i think this is essentially the same problem mentioned above.

placing a meaningful subject field value in the headers of a mime
entity which is then (optionally signed and) encrypted seems like a
good way to protect the contents as well as make use of the encryption
and signature framework which openpgp defines.  (as to exactly what
field name should be used, this is still something i am wondering
about)

what do you think?

p.s. btw, nice page on sci-fi and physics ;-)
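
The layout proposed in the message above, shown from both the sending and receiving side, as an added example that is not part of the original post or of any mail client's code. Assumptions: the inner field is named `Subject` (the post leaves the name open), the outer placeholder text and the sample values are constructed, and `encrypt`/`decrypt` are supplied by the caller's OpenPGP implementation.

```python
import base64
from email import encoders, message_from_bytes, policy
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

PLACEHOLDER = "encrypted message"  # assumed fixed outer subject
INNER_FIELD = "Subject"            # assumed; the post leaves the field name open

def wrap(subject, body, sender, rcpt, encrypt):
    """Sender side: put the real subject in the inner entity, then encrypt it."""
    inner = EmailMessage()
    inner[INNER_FIELD] = subject
    inner.set_content(body)
    armored = encrypt(inner.as_bytes())  # headers and body are protected together
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"], outer["To"], outer["Subject"] = sender, rcpt, PLACEHOLDER
    for data, subtype in ((b"Version: 1\n", "pgp-encrypted"), (armored, "octet-stream")):
        outer.attach(MIMEApplication(data, subtype, _encoder=encoders.encode_7or8bit))
    return outer.as_bytes()

def unwrap(raw, decrypt):
    """Receiver side: return (subject to display, body or None if unprotected)."""
    outer = message_from_bytes(raw, policy=policy.default)
    if outer.get_content_type() != "multipart/encrypted":
        return outer["Subject"], None
    parts = list(outer.iter_parts())
    if len(parts) != 2 or parts[0].get_content_type() != "application/pgp-encrypted":
        raise ValueError("malformed multipart/encrypted container")
    inner = message_from_bytes(decrypt(parts[1].get_payload(decode=True)),
                               policy=policy.default)
    # Fall back to the outer placeholder if the sender did not protect a subject.
    return inner[INNER_FIELD] or outer["Subject"], inner.get_content()

# Stand-ins so the sketch runs offline. base64 is NOT encryption; it only marks
# where the OpenPGP (sign and) encrypt / decrypt calls would go.
def demo_encrypt(data):
    return base64.encodebytes(data)

def demo_decrypt(data):
    return base64.b64decode(data)

if __name__ == "__main__":
    raw = wrap("q3 budget draft", "numbers attached\n", "a@example.org",
               "b@example.org", demo_encrypt)  # constructed sample values
    print(raw.decode())
    print(unwrap(raw, demo_decrypt))
```

Because the subject rides inside the encrypted entity, the choice of algorithm and any signature are carried by the OpenPGP message itself, so no separate field-value syntax has to be defined.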