Signing headers (was Re: Evolution signatures)
David Shaw
dshaw@jabberwocky.com
Sun Aug 10 01:21:02 2003
--5/uDoXvLw7AC5HRs
Content-Type: message/rfc822
Content-Disposition: inline
From: David Shaw <dshaw@jabberwocky.com>
To: gnupg-users@gnupg.org
Subject: Re: Signing headers (was Re: Evolution signatures)
References: <1060016953.11097.25.camel@erasmus.localdomain> <20030806182637.GC11264@longshot.toehold.com> <20030808190603.GC14688@jabberwocky.com> <200308090704.58629@fortytwo.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200308090704.58629@fortytwo.ch>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-Request-PGP: http://www.jabberwocky.com/david/keys.asc
X-Phase-Of-Moon: The Moon is Waxing Gibbous (92% of Full)
On Sat, Aug 09, 2003 at 07:04:55AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Friday 08 August 2003 21:06, David Shaw wrote:
> > On Wed, Aug 06, 2003 at 01:26:37PM -0500, Kyle Hasselbacher wrote:
>
> > > I consider some headers (especially the subject) to be part of the
> > > communication of a message. As such, I'd like to protect the privacy and
> > > integrity of those parts the same way as the message itself, as much as
> > > that's possible.
> >
> > PGP/MIME can handle this using a message/rfc822 content-type.
> > Essentially, it puts the entire message, headers and all, inside the
> > encrypted or signed portion of the mail.
>
> Damn. I guess this simple idea pretty much makes my thingy
> obsolete. All that's needed is (i) to teach MUAs to generate such
> messages and to (ii) merge inner headers into the outer headers when
> displaying a message with
> multipart/{signed,encrypted}[message/rfc822] content type. (merging
> the headers, because I want my MUA to interpret some of the headers
> added in transport, such as the List-... headers and the
> X-Spam-Status headers - but I don't want the space-eating display of
> the double headers.)
For what it's worth, this is what a signed message/rfc822 message
looks like. I made it manually with mutt by writing the message out,
then creating a new message and attaching this response to it.
David
--5/uDoXvLw7AC5HRs
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
iEYEARECAAYFAj81gh4ACgkQ4mZch0nhy8l7NACfaUxBgRwpGPhsnC6zomq/0fZA
M/EAoL2FZjwzDaLI38ENqK9C19Wy1lIY
=mMbD
-----END PGP SIGNATURE-----
--5/uDoXvLw7AC5HRs--