Signing headers (was Re: Evolution signatures)

David Shaw
Fri Aug 8 21:05:02 2003

On Wed, Aug 06, 2003 at 01:26:37PM -0500, Kyle Hasselbacher wrote:
> On Wed, Aug 06, 2003 at 06:33:26PM +0100, Neil Williams wrote:
> >On Wednesday 06 Aug 2003 11:17 am, Adrian von Bidder wrote:
> >> There's a huge difference on how it should be and how it is.... There are
> >> many people using the Subject to convey essential information. [...]
> >Not true. Why make this part of GnuPG when the 'problem' is clearly user 
> >related? I don't have any experience of what you described as 'often' - blank 
> >subject lines are just plain rude (make scanning an inbox for important mail 
> >from new correspondents more difficult) and users who do this should simply 
> >be told to mend their ways.
> >
> >If someone doesn't repeat the 'vital' information contained in the subject 
> >line within the signed message, disregard it and then ask them why.
> Just to throw another wrench in this, I've frequently wanted ENCRYPTED
> subjects.  When I'm sending a private mail, I find myself using a
> "practically blank" subject like "Note" or "Hi" because I don't want the
> subject available to third parties any more than I want them to read the
> contents of the message.
> I consider some headers (especially the subject) to be part of the
> communication of a message.  As such, I'd like to protect the privacy and
> integrity of those parts the same way as the message itself, as much as
> that's possible.

PGP/MIME can handle this using a message/rfc822 content-type.
Essentially, it puts the entire message, headers and all, inside the
encrypted or signed portion of the mail.