Richard Atterer <attererat_private-muenchen.de> writes: > PGP and MUAs with PGP support should either make it very clear that > the subject is not encrypted, or (ideally) a facility for encrypted > message headers should be added to OpenPGP. OpenPGP does not concern itself with these things. The relevant standards integrating it with MIME (rfc2015 et al) however do, and since the signed/encrypted part is just another MIME part, you can put arbitrary headers there. Nowadays these part usually only has a Content-Type header, but this is not AFAIK in any way required. However MUAs must support that first, i.e. allow you to define private headers in addition to the public ones, and be able to replace message headers with those coming from inside a crypto envelope. Example (The part prefixed with "& " is in reality encrypted): From: nobodyat_private To: John Doe <doeat_private> Subject: <undisclosed> [...more standard e-mail headers...] Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary=foo --foo Content-Type: application/pgp-encrypted Version: 1 --foo Content-Type: application/octet-stream -----BEGIN PGP MESSAGE----- & From: Fred Smith <whistleblowerat_private> & Subject: the sylvester memo & Content-Type: multipart/mixed; boundary=bar & & --bar & Content-Type: text/plain; charset=us-ascii & & Attached is a scan of the internal memo that proves the facts I & talked to you about. & & --bar & Content-Type: image/jpeg & Content-Transfer-Encoding: base64 & & [...] & & --bar-- -----END PGP MESSAGE----- --foo-- -- Robbe
This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 14:46:44 PDT