header protection drafts too early to implement (Re: Protect email experience not Subject:s (hypothesis, draft))
bernhard at intevation.de
Fri Mar 12 18:02:41 CET 2021
Took a few hours to read through the current version of
Am Freitag 29 Januar 2021 17:52:25 schrieb Bernhard Reiter:
>  https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/
draft-ietf-lamps-header-protection-03 Last updated 2021-02-22
which also aims at OpenPGP/MIME mails.
To keep you in the loop, my main take-away so far:
It is not ready to be implemented yet, because
a) it rightfully aims to proposed one method and leans towards
wrapped message approach.
b) the usability problems are not addressed, mainly how to display a mixed set
up headers where some are signed-only, not protected or
signed-and-encrypted, but also the complexity arising from this.
Also what should happen if one of the signature do not validate,
displaying this for each header field is something I cannot really
imaging so far.
c) the drawback of server filter and access and indexing problems
with implementations (where email draws a lot of usability from)
Overall, there is some good technical work in the document. Personally I feel
it focusses on some aspects more than other aspects, missing a bit on the
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 659 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users