[Gpg4win-devel] GpgOL MIME and protected headers

Bernhard Reiter bernhard at intevation.de
Fri Mar 19 11:53:26 CET 2021


Andre,

like you have seen on gnupg-devel@ I've read through a few documents
regarding protected headers and did some thinking:

My (current) suggestion for GpgOL (and all MUAs) is:

* Implement reading of one wrapped message as per the draft.

  This makes most sense to me: It is most backwards compatible and
  the leading variant in the current draft. (And there should be only
  one way to implement it).

  You probably are going to need it for S/MIME and OpenPGP/MIME  
  sooner or later.

  The security implications (that we had considered a long while back)
  can be handled if it is only one wrapped message that is supported for now.


* If such an email is detected, you could, if possible, mark the
  subject and other headers somehow, so people can see the
  unprotected headers, but know there are potentially second
  values. We have to deal with all the upcoming usability problems
  later. But this is a minimal version that helps trained people and
  does not lose information (like the current Thunderbird implementation
  does.)

* If writing is implemented it should be disabled by default and could be
  enabled if it is well known that recipients can handle it, like
  a direct reply to an email in the same format.

* A reply MUST consider protected to: and cc: headers instead of
  the outer ones.

* (unsure) Any reply to an encrypted email should not quote by default;
  this is something I consider a recommendation.

With further reading my suggestions may change, but I wanted to give you
my current ideas and some reasoning. (Shall I place it somewhere, 
dev.gnug.org? Tracker?)

Next I will see if I can find out why something other than the "wrapped" method
was proposed.

Best,
Bernhard
-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
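
The reading and reply rules proposed above, as an added example (not part of the original post and not GpgOL code). It assumes the wrapped form is a single message/rfc822 part forming the already-decrypted payload; the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

SHOWN = ("Subject", "From", "To", "Cc")

# Constructed sample: outer (unprotected) headers as transported.
OUTER = message_from_string(
    "From: alice@example.org\nTo: list@example.org\nSubject: ...\n\n")
# Constructed sample: the payload after decryption or signature verification.
PAYLOAD = message_from_string(
    "Content-Type: message/rfc822\n\n"
    "From: alice@example.org\nTo: bob@example.org\nCc: carol@example.org\n"
    "Subject: Quarterly numbers\nContent-Type: text/plain\n\nHello Bob\n")

def unwrap_once(payload):
    """Return the single wrapped message, or None if the payload is not wrapped."""
    if payload.get_content_type() != "message/rfc822":
        return None
    inner = payload.get_payload(0)
    # Only one level of wrapping is supported; refuse anything deeper.
    if inner.get_content_type() == "message/rfc822":
        raise ValueError("nested wrapped message is not supported")
    return inner

def header_view(outer, payload):
    """Keep both values per header so the UI can mark the ones that differ."""
    inner = unwrap_once(payload)
    view = {}
    for name in SHOWN:
        o = outer.get(name)
        p = inner.get(name) if inner is not None else None
        view[name] = {"outer": o, "protected": p,
                      "differs": inner is not None and o != p}
    return view

def reply_to_cc(outer, payload):
    """Addresses for a reply: protected To/Cc when present, never the outer ones."""
    inner = unwrap_once(payload)
    src = inner if inner is not None else outer
    fields = src.get_all("To", []) + src.get_all("Cc", [])
    return [addr for _name, addr in getaddresses(fields)]

if __name__ == "__main__":
    for name, values in header_view(OUTER, PAYLOAD).items():
        print(name, values)
    print("reply To/Cc:", reply_to_cc(OUTER, PAYLOAD))
```
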