Signing headers (was Re: Evolution signatures)

Kyle Hasselbacher <kyle-exp-1065378397.dfaf8c@toehold.com>
Wed Aug 6 20:25:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Aug 06, 2003 at 06:33:26PM +0100, Neil Williams wrote:
>On Wednesday 06 Aug 2003 11:17 am, Adrian von Bidder wrote:

>> There's a huge difference on how it should be and how it is.... There are
>> many people using the Subject to convey essential information. [...]

>Not true. Why make this part of GnuPG when the 'problem' is clearly user 
>related? I don't have any experience of what you described as 'often' - blank 
>subject lines are just plain rude (make scanning an inbox for important mail 
>from new correspondents more difficult) and users who do this should simply 
>be told to mend their ways.
>
>If someone doesn't repeat the 'vital' information contained in the subject 
>line within the signed message, disregard it and then ask them why.

Just to throw another wrench in this, I've frequently wanted ENCRYPTED
subjects.  When I'm sending a private mail, I find myself using a
"practically blank" subject like "Note" or "Hi" because I don't want the
subject available to third parties any more than I want them to read the
contents of the message.

I consider some headers (especially the subject) to be part of the
communication of a message.  As such, I'd like to protect the privacy and
integrity of those parts the same way as the message itself, as much as
that's possible.

The alternate extreme is that we throw away all the (unsigned) headers and
try to understand the message as best we can from what's in it--who signed
it, what it says, what the date stamp on the signature was, etc.  I dislike
that option.
- -- 
Kyle Hasselbacher | Life in the state of nature is solitary, poor, nasty,
kyle@toehold.com  | brutish, and short. - Thomas Hobbes, Leviathan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/MUhd10sofiqUxIQRAiQsAKDU3/+5HJNFG0sD+OF5jNJvkouVlACfTfMT
q05q2BB4f9a3cZe3TXSDlBw=
=XD8S
-----END PGP SIGNATURE-----