Re: [openpgp] Put Signature in an Email's Header
Bart Butler <bart+ietf@pm.me> Tue, 08 August 2023 17:07 UTC
To: Kai Engert <kaie@kuix.de>, Wiktor Kwapisiewicz <wiktor=40metacode.biz@dmarc.ietf.org>, "openpgp@ietf.org" <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/tltoPRiZJ94NgoWc_F5zwBWXIx0>
On 08.08.23 12:13, Werner Koch wrote:
> A signed mail with the signing key included (as done by CMS) is a
> straightforward way to bootstrap encrypted communication. It is mail
> standards compliant and does not break when for example forwarding
> mails.

Good point about forwarding, I didn't consider that previously. And I
realize we also need to ensure that we don't break protected headers.

To investigate, I crafted a message without a multipart/signed layer,
but with a protected header layer. I looked at this message in two
different webmail clients, and that layer wasn't rendered.

This brings me to the following idea: Could we transport that new
signature-header in the header area of an additional multipart/mixed layer?

Example message:

MIME-Version: 1.0
Subject: wrapped in two multipart/mixed, prot hdr and sig
Content-Type: multipart/mixed; boundary="signature";
 openpgp-signature="multi-mixed"
Header-Signature: micalg=pgp-sha256;
 protocol="application/pgp-signature"; sigdata=
 wsF5BAABCAAjFiEEIdFuZ...
 =9HqM

--signature
Content-Type: multipart/mixed; boundary="prot-hdr";
 protected-headers="v1"
From: Kai Engert <kaie@kuix.de>
To: test <testmail@kuix.de>
Subject: wrapped in two multipart/mixed, prot hdr and sig

--prot-hdr
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

dHF3ZnF3ZWYNCg==
--prot-hdr--
--signature--

When I use forward-as-attachment in Thunderbird with a message of this
structure, the "Header-Signature" header is kept.

Could this work?

Thanks
Kai
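
A structural check a receiving client could run on the layout proposed above, as an added example that is not part of the original message or of any OpenPGP implementation. It uses Python's standard email package; the function name, the checks applied and the outer/inner header comparison are assumptions, and the signature itself is not verified.

```python
import email

# Constructed sample in the layout shown above; sigdata is a placeholder,
# not a real OpenPGP signature, and no cryptographic check is performed.
SAMPLE = (
    'MIME-Version: 1.0\r\n'
    'Subject: wrapped in two multipart/mixed, prot hdr and sig\r\n'
    'Content-Type: multipart/mixed; boundary="signature";\r\n'
    ' openpgp-signature="multi-mixed"\r\n'
    'Header-Signature: micalg=pgp-sha256;\r\n'
    ' protocol="application/pgp-signature"; sigdata=PLACEHOLDER\r\n'
    '\r\n--signature\r\n'
    'Content-Type: multipart/mixed; boundary="prot-hdr";\r\n'
    ' protected-headers="v1"\r\n'
    'From: Kai Engert <kaie@kuix.de>\r\n'
    'Subject: wrapped in two multipart/mixed, prot hdr and sig\r\n'
    '\r\n--prot-hdr\r\n'
    'Content-Type: text/plain; charset=UTF-8\r\n'
    '\r\nhello\r\n'
    '--prot-hdr--\r\n--signature--\r\n'
)

def inspect_header_signature(raw):
    """Return (sig_params, protected_part, mismatched); ValueError if malformed."""
    msg = email.message_from_string(raw)
    if (not msg.is_multipart()
            or msg.get_content_type() != 'multipart/mixed'
            or msg.get_param('openpgp-signature') != 'multi-mixed'):
        raise ValueError('outer layer is not the signature wrapper')
    # A duplicated header would make it ambiguous which signature applies.
    if len(msg.get_all('Header-Signature', [])) != 1:
        raise ValueError('expected exactly one Header-Signature header')
    sig = {k.lower(): v for k, v in msg.get_params(header='Header-Signature')}
    if not sig.get('sigdata'):
        raise ValueError('Header-Signature carries no sigdata')
    parts = msg.get_payload()
    if len(parts) != 1 or parts[0].get_param('protected-headers') != 'v1':
        raise ValueError('wrapper must hold one protected-headers="v1" part')
    inner = parts[0]
    # Assumption of this sketch: the protected layer is authoritative, so an
    # outer header that disagrees with it is reported to the caller.
    mismatched = [h for h in ('From', 'To', 'Subject')
                  if msg[h] is not None and inner[h] is not None
                  and msg[h] != inner[h]]
    return sig, inner, mismatched
```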