[Gpg4win-devel] GpgOL MIME and protected headers

Bernhard Reiter bernhard at intevation.de
Fri Mar 19 13:12:43 CET 2021


Hi Andre,

> We have this already and I worked on it a bit more in the development
> version. I'm not a hundret percent sure what you mean by wrapped messages.

as defined in
https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/?include_text=1

> In generall my aim was to support all the testmails from the  autocrypt
> repo ( https:// github.com/autocrypt/protected-headers )

In my opinion you shouldn't, the draft linked there is outdated
https://datatracker.ietf.org/doc/draft-autocrypt-lamps-protected-headers/
and superceded by the active one I've linked above.

With now now real solution being implemented, a good implementation strategy 
is to implement only one standard solution, the best from all the variants.
It would implement implementations and security for everyone, if there are 
three ways to implemented protected headers.

Otherwise we promote fragmentation, which will hurt the email ecosystem
again. (Just like Thunderbird did.)

> And also the new Enigmail code which uses an extra text part for the
> headers.

Which idea do they implement and why?

> We cannot store the Subject in a way that would work with
> Outlooks threading without potentially storing the Subject also on the
> server. So in the message list it will only show ...

My idea was to change the outer mail subject with an indicator like
  [unprotected] ...
  [unprotected] what ever there was
(this is just an example "[unprotected]" is probably not optimal)

> I don't see a real value in indicating that other headers except the
> subject were signed.

In brief:
If there is a difference between cc: inner and outer, there is a manipulation
that users somehow notice.

[..]
> I also don't really see the value.

CC: is like a small mailing list, I want to know who are the intended 
participants by the sender.


> I think the different methods were proposed because different mailers
> without protected-headers support showed the mime parts differently.

Thanks for the pointers, I need to do some reading on them.
I guess we'll chat on the phone for some of the usability ideas.

Best,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20210319/75e53c1b/attachment.sig>


More information about the Gpg4win-devel mailing list