Re: [openpgp] Signing Email Headers

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 18 March 2015 11:49 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD3B71A007B for <openpgp@ietfa.amsl.com>; Wed, 18 Mar 2015 04:49:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fp79QqQhif11 for <openpgp@ietfa.amsl.com>; Wed, 18 Mar 2015 04:49:14 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 6E4521A007C for <openpgp@ietf.org>; Wed, 18 Mar 2015 04:49:14 -0700 (PDT)
Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 3956CF984; Wed, 18 Mar 2015 07:49:12 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id A684620239; Wed, 18 Mar 2015 04:49:07 -0700 (PDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Nicholas Cole <nicholas.cole@gmail.com>, "openpgp\@ietf.org" <openpgp@ietf.org>
In-Reply-To: <CAAu18he0yAiYtEf0ePJkE6BWuaMT7_72gyQjvnOP6YOwK4FZzg@mail.gmail.com>
References: <CAAu18he0yAiYtEf0ePJkE6BWuaMT7_72gyQjvnOP6YOwK4FZzg@mail.gmail.com>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Wed, 18 Mar 2015 07:49:07 -0400
Message-ID: <87vbhyjzkc.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/nlk5MX2ZsM2S_6AVzI-kl_hJxJs>
Subject: Re: [openpgp] Signing Email Headers
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Mar 2015 11:49:16 -0000

On Wed 2015-03-18 05:46:45 -0400, Nicholas Cole wrote:
> One issue that comes up again and again is the question of signed
> email headers.  Isn't there an obvious solution -- nest an email
> message within a PGP/MIME message -- complete with the headers that
> you want to protect?

Please see the thread in this working group titled "Encrypting / Signing
the mail subject?" from the last several days for this very topic,
including a proposal that should be simpler for non-compliant MUAs to
handle than a full embedded e-mail message, while still providing the
features you're looking to add.

       --dkg