[Gpg4win-devel] GpgOL MIME and protected headers
Bernhard Reiter
bernhard at intevation.de
Fri Mar 19 11:53:26 CET 2021
Andre,
like you have seen on gnupg-devel@ I've read through a few documents
regarding protected headers and did some thinking:
My (current) suggestion for GpgOL (and all MUAs) is:
* Implement reading of one wrapped message as by the draft.
This makes most sense to me: It is most backwards compatible and
and the leading variant in the current draft. (And there should be only
one way to implement it).
You probably are going to need it for S/MIME and OpenPGP/MIME
sooner or later.
The security implications (that we had considered a long while back)
can be handled if it is only one wrapped message that is supported for now.
* If such an email is detected, you could, if possible mark the
subject and other headers somehow, so people can see the
unprotected headers, but know there are potentially second
values. We have to deal with all the upcoming usability problems
later. But this is a minimal version that helps trained people and
does not lose information (like the current Thunderbird implementation
does.)
* If writing is implemented it should be disabled by default and could be
enabled if it is well known that recipients can handle it, like
a direct reply to an email in the same format.
* A reply MUST consider protected to: and cc: headers instead of
the outer ones.
* (unsure) Any reply of an encrypted email should not quote by default
is something I consider as recommendation.
With further reading my suggestions may change, but I wanted to give you
my current ideas and some reasoning. (Shall I place it somewhere,
dev.gnug.org? Tracker?)
Next I will see if I can find out why something else than the "wrapped" method
was proposed.
Best,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20210319/c73740e0/attachment.sig>
More information about the Gpg4win-devel
mailing list