[MlMt] Crowd Funding 2014

[Bill Cole]

On 29 Oct 2013, at 7:59, Ryan Erwin wrote:

> The other direction that I see as a solid field to grow is simple 
> message security. Something that is easier to use than PGP, more 
> secure than PGP (no exposed subject lines!) but I think that requires 
> rethinking the client and the server, and ultimately if you change it 
> enough it's not even "email" anymore.

Correct. Or at least correct-ish...

"Subject" is a mandatory header in RFC822 and its successors. Not having 
it won't cause much breakage outside of client presentation, but there 
could be some issues with filters and access servers like Exchange that 
translate RFC822 messages into their own favorite formats. One solution 
is to use a meaningless Subject header on encrypted messages whose real 
Subject you put in the encrypted message body.

Ultimately this is a user practice issue, not something a client can 
solve. Cleartext Subject (and other) headers are useful enough that they 
are likely to be a permanent feature of standard email. The fact that 
PGP and S/MIME have both been essentially stable and closely matched in 
how much protection they provide, how easy they are to use, and how few 
people use them for many years is a strong indication that doing 
substantially better is a hard problem.