header protection drafts too early to implement (Re: Protect email experience not Subject:s (hypothesis, draft))

Bernhard Reiter bernhard at intevation.de
Fri Mar 12 18:02:41 CET 2021

Took a few hours to read through the current version of

Am Freitag 29 Januar 2021 17:52:25 schrieb Bernhard Reiter:
> [3] https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/

draft-ietf-lamps-header-protection-03  Last updated 2021-02-22 
which also aims at OpenPGP/MIME mails.

To keep you in the loop, my main take-away so far:

It is not ready to be implemented yet, because 

a) it rightfully aims to proposed one method and leans towards 
   wrapped message approach.

b) the usability problems are not addressed, mainly how to display a mixed set
   up headers where some are signed-only, not protected or
   signed-and-encrypted, but also the complexity arising from this.
   Also what should happen if one of the signature do not validate,
   displaying this for each header field is something I cannot really
   imaging so far.

c) the drawback of server filter and access and indexing problems
   with implementations (where email draws a lot of usability from)
   are unsolved.

Overall, there is some good technical work in the document. Personally I feel
it focusses on some aspects more than other aspects, missing a bit on the
bigger picture.

Best Regards,

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210312/339df91e/attachment.sig>

More information about the Gnupg-users mailing list