[MlMt] Warn sending encrypted mail about unencrypted subject

Brad Knowles brad at shub-internet.org
Thu Jul 17 10:29:59 EDT 2014


On Jul 17, 2014, at 1:51 AM, Benny Kjær Nielsen <mailinglist at freron.com> wrote:

> If a standard for encrypting the subject-header (and maybe other headers) existed then it should probably just require the headers to be moved into the encrypted plain text body part of the message. Email clients supporting the standard could then use these headers to replace placeholder headers (for example, Subject: Encrypted) and email clients not supporting it would still be showing the real headers as part of the body of the message (ok, then it's a problem when displaying an HTML body part, but HTML is always a problem). I don't think anything like this is very likely to ever become standardized behavior, but I may be wrong.

You would have to check the relevant PGP/MIME and S/MIME RFCs, but I believe that the standard technique is to take the entire contents of the message (all relevant headers included), put that into a text/rfc822 MIME bodypart and sign and/or encrypt it.  Of course, that text/rfc822 MIME bodypart could be composed of multiple other MIME bodyparts.

On the other end, you reverse the process and display only the signed/encrypted headers to the recipient.  The unsigned/unencrypted headers should still be available, of course.  If you display both unsigned/encrypted headers as well as the signed/encrypted ones, then you need to make sure that there is a visual distinction between the two.


But I've seen a couple of guys on this list who know a lot more about RFCs than I do.  I'll let them choose whether or not to step forward and identify themselves, and provide whatever advice they can.

--
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20140717/8b8cef98/attachment.pgp>


More information about the mailmate mailing list