Re: [openpgp] Put Signature in an Email's Header

Benjamin Kaduk <kaduk@mit.edu> Thu, 31 December 2020 22:22 UTC

Date: Thu, 31 Dec 2020 14:22:23 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Neal H. Walfield" <neal@walfield.org>
Cc: Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>, openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/mw9kukT87TiG-uHUiRSVtgaEiKU>

On Fri, Dec 11, 2020 at 11:14:33AM +0100, Neal H. Walfield wrote:
> On Fri, 11 Dec 2020 10:03:44 +0100,
> Wiktor Kwapisiewicz wrote:
> > On 11.12.2020 09:58, Hanno Böck wrote:
> > > FWIW I have heard lots of complaints about the signature attachment,
> > > which is why I stopped sending signed emails by default a long time ago.
> > 
> > Too bad signatures cannot be put into headers (just like DKIM
> > signatures). That would not confuse people (because they generally
> > don't inspect headers) while providing necessary info for clients that
> > understand them.
> 
> When you say cannot, I think you mean there is no standard to do so.
> Technically, I think, it is possible, and it is a neat idea.

You may want to keep an eye on draft-ietf-httpbis-message-signatures that
is defining an HTTP header field for conveying a signature over (a subset
of) the message.  It seems like at least some of the topics covered would
be relevant for the email case as well.

-Ben