signed headers for OpenPGP [was: Re: What is the benefit of signing an encrypted email]

Daniel Kahn Gillmor dkg at
Wed Jan 19 22:37:29 CET 2011

On 01/19/2011 01:29 PM, Werner Koch wrote:
> I'd like to see a feature in MUAs to wrap the entire mail as presented
> in the composer into a message/rfc822 container and send the actual
> message out with the same headers as in the rfc822 container.  This
> allows to sign the entire mail including the headers.  On the receiving
> site the MUA should figure out that the signed headers match the actual
> ones and visually indicate the message including the header as signed.
> This is fully MIME compliant and should not break any MIME aware mailer
> (except for those only claiming to support MIME).

That's a pretty elegant way to solve this problem, actually.  You don't
even need the signed headers to match all the other headers (e.g. the
Received: headers won't be known at sign/send time, not to mention the
other dubious mangling that goes on at the MTA level that Ingo mentioned).

I suspect that many spam engines might balk at an e-mail with a
top-level Content-Type: message/rfc822 though.
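Werner's message/rfc822 wrapper and the receiving-side header comparison, as an added Python example that is not part of this thread: the checked header set, the sample mail and the simulated MTA rewrite are constructed for illustration, and the OpenPGP signature over the outer message is left out so that only the MIME structure and the comparison are shown.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Headers the receiving MUA compares; a hypothetical choice for this example.
CHECKED = ("From", "To", "Subject", "Date")

def wrap_as_rfc822(inner: EmailMessage) -> EmailMessage:
    """Put the composed mail inside a top-level message/rfc822 part and send
    it out with the same headers on the outer message (Werner's proposal).
    OpenPGP signing of the outer message is left out here."""
    outer = EmailMessage(policy=policy.default)
    for name in CHECKED:
        if name in inner:
            outer[name] = str(inner[name])
    outer.set_content(inner)  # top-level Content-Type becomes message/rfc822
    return outer

def check_signed_headers(raw_outer: str) -> dict:
    """Receiving side: for every checked header present in the (signed) inner
    message, report whether the outer copy still matches.  Headers that only
    exist on the outer message, such as Received:, are ignored because they
    cannot have been signed at send time."""
    outer = message_from_string(raw_outer, policy=policy.default)
    if outer.get_content_type() != "message/rfc822":
        raise ValueError("no message/rfc822 container at the top level")
    inner = outer.get_payload(0)
    return {name: str(outer.get(name, "")).strip() == str(inner[name]).strip()
            for name in CHECKED if name in inner}

def build_sample() -> EmailMessage:
    """Constructed sample mail, not from the thread."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "signed headers test"
    msg["Date"] = "Wed, 19 Jan 2011 22:37:29 +0100"
    msg.set_content("hello\n")
    return msg

def demo():
    raw = wrap_as_rfc822(build_sample()).as_string()
    # Simulate MTA handling: a Received: header is added (harmless) and the
    # outer Subject is rewritten by a list manager (detected as a mismatch).
    mangled = "Received: from mx.example.net\n" + raw.replace(
        "Subject: signed headers test", "Subject: [list] signed headers test", 1)
    return check_signed_headers(raw), check_signed_headers(mangled)
```

Only headers carried inside the signed container are compared, so the Received: lines added in transit never cause a false mismatch.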


