Protecting Mail headers (was: Re: Evolution signatures)

Carl L. Gilbert lamont_gilbert@rigidsoftware.com
Wed Aug 6 13:26:02 2003



On Wed, 2003-08-06 at 02:28, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Tuesday 05 August 2003 21:18, Neil Williams wrote:
>
> [Protecting email headers]
> > But again, what do I GAIN from you doing that extra work?
>
> You probably can see what I mean in the answer I wrote to Carl's mail. If not:
> Quite a few people are used to essential bits of information being contained
> in the Subject of a message. Or, to take the famous and stupid example:
>
> ========
> From: alice@heaven.org
>
> ----- BEGIN PGP SIGNED MESSAGE -----
>
> I love you
>
> ----- END....
> ======
>
> I hope it's clear what you can lose because the From: header is not signed.
> Yes, the example is stupid, but I think things like these *do* happen.
>
> Attached is my proposal - comments, of course, are welcome. One extension I'm
> thinking of: in case of encrypted mail, let the "protected" headers
> automatically override the original headers of the mail when it is displayed,
> and strip the real mail headers down to the minimum (empty Subject, envelope
> sender/recipient in To/From, no CC, no References). But this would break the
> (for me) important property of the proposal: if your MUA at the receiving end
> doesn't support header protection, everything works as expected. So this
> extension would be optional in any case.
>
> cheers
> -- vbi


Again, the headers belong to the mailing 'system', not the sender of the
email per se.  So they can be modified at the discretion of the system.

To guarantee whom an email is from, it's going to require more than a
signature on a piece of text.  You need some kind of authentication at
both ends, and a secure channel, which mail does NOT have.

-- 
Thank you,


CL Gilbert
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes
9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org (Encryption and Digital
Signatures)

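The point argued in this thread, as an added example that is not part of the original message and is not the proposal attached to the quoted mail: a signature over the body alone still verifies after the outer From: line is changed, while copies of the headers placed inside the signed part let the receiver notice the mismatch. Assumptions: HMAC-SHA256 stands in for the OpenPGP signature, and the X-Demo-Signature header, the message layout, the function names and all addresses other than the thread's alice@heaven.org are constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string

KEY = b"constructed-demo-key"           # stand-in for the sender's signing key
PROTECTED = ("From", "To", "Subject")   # assumed set of headers to protect

def _sig(text):
    # HMAC-SHA256 stands in for the OpenPGP signature over the signed part.
    return hmac.new(KEY, text.encode(), hashlib.sha256).hexdigest()

def build(frm, to, subject, body, protect):
    outer = {"From": frm, "To": to, "Subject": subject}
    signed = body
    if protect:
        # Copy the headers into the part the signature covers. A mail client
        # that ignores the scheme just shows them as the first lines of text.
        copies = "".join(f"{h}: {outer[h]}\n" for h in PROTECTED)
        signed = copies + "\n" + body
    outer["X-Demo-Signature"] = _sig(signed)   # hypothetical header name
    return "".join(f"{h}: {v}\n" for h, v in outer.items()) + "\n" + signed

def check(raw):
    """Return (signature_ok, header_status) for a message made by build()."""
    outer = message_from_string(raw)
    signed = outer.get_payload()
    if not hmac.compare_digest(_sig(signed), outer.get("X-Demo-Signature", "")):
        return False, "bad signature"
    inner = message_from_string(signed)   # protected copies parse as headers
    if not all(h in inner for h in PROTECTED):
        return True, "headers not covered by signature"
    changed = [h for h in PROTECTED if inner[h] != outer[h]]
    if changed:
        return True, "header mismatch: " + ", ".join(changed)
    return True, "headers verified"

def rewrite_from(raw, new_from):
    # Models the mail system changing the outer From: line in transit.
    return raw.replace("From: alice@heaven.org", "From: " + new_from, 1)

# Constructed sample messages.
ARGS = ("alice@heaven.org", "bob@example.org", "hello", "I love you\n")
BODY_ONLY = build(*ARGS, protect=False)
WITH_COPIES = build(*ARGS, protect=True)

if __name__ == "__main__":
    for raw in (BODY_ONLY, WITH_COPIES):
        print(check(raw), check(rewrite_from(raw, "carol@example.org")))
```

In both cases the signature itself stays valid after the rewrite; only the message carrying signed header copies gives the receiver something to compare the outer headers against.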