Re: [openpgp] signed/encrypted emails vs unsigned/unencrypted headers

Werner Koch <wk@gnupg.org> Tue, 16 July 2013 08:24 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DA2C11E8268 for <openpgp@ietfa.amsl.com>; Tue, 16 Jul 2013 01:24:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hvuil95hTB-d for <openpgp@ietfa.amsl.com>; Tue, 16 Jul 2013 01:24:40 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by ietfa.amsl.com (Postfix) with ESMTP id EF5EB11E8257 for <openpgp@ietf.org>; Tue, 16 Jul 2013 01:24:39 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1Uz0Yo-0006u4-O7 for <openpgp@ietf.org>; Tue, 16 Jul 2013 10:24:38 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.80 #3 (Debian)) id 1Uz0QX-0000Mf-Ho; Tue, 16 Jul 2013 10:16:05 +0200
From: Werner Koch <wk@gnupg.org>
To: Ximin Luo <infinity0@gmx.com>
References: <51D360B2.1070709@gmx.com> <51E4FEF0.7010004@gmx.com>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=1E42B367; url=finger:wk@g10code.com
Date: Tue, 16 Jul 2013 10:16:05 +0200
In-Reply-To: <51E4FEF0.7010004@gmx.com> (Ximin Luo's message of "Tue, 16 Jul 2013 09:06:08 +0100")
Message-ID: <87fvvekji2.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: openpgp@ietf.org
Subject: Re: [openpgp] signed/encrypted emails vs unsigned/unencrypted headers
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2013 08:24:45 -0000

On Tue, 16 Jul 2013 10:06, infinity0@gmx.com said:
> On 03/07/13 00:22, Ximin Luo wrote:

>> What's the current status of this in the PGP/MIME standard? Is it still a
>> problem? I notice that email subject headers are in a similar situation, and
>> users have complained about it.[3] The problem of unencrypted/unauthenticated
>> recipient is less obvious, so I haven't seen user complaints, but potentially

There is a simple and standard conform way to tackle this:
message/rfc822 - all covered by PGP/MIME.

FWIW, PGP/MIME allows you to do encrypt-then-sign or any other
combination - if you really want that.  PGP/MIME is a well thought out
and matured system created 17 years ago.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.