Richard Atterer <[EMAIL PROTECTED]> writes:
> PGP and MUAs with PGP support should either make it very clear that
> the subject is not encrypted, or (ideally) a facility for encrypted
> message headers should be added to OpenPGP.

OpenPGP does not concern itself with these things. The relevant
standards integrating it with MIME (rfc2015 et al) however do, and
since the signed/encrypted part is just another MIME part, you can put
arbitrary headers there. Nowadays this part usually only has a
Content-Type header, but this is not AFAIK in any way required.

However MUAs must support that first, i.e. allow you to define
private headers in addition to the public ones, and be able to replace
message headers with those coming from inside a crypto envelope.

Example (The part prefixed with "& " is in reality encrypted):

From: [EMAIL PROTECTED]
To: John Doe <[EMAIL PROTECTED]>
Subject: <undisclosed>
[...more standard e-mail headers...]
Content-Type: multipart/encrypted;
    protocol="application/pgp-encrypted"; boundary=foo

--foo
Content-Type: application/pgp-encrypted

Version: 1

--foo
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
& From: Fred Smith <[EMAIL PROTECTED]>
& Subject: the sylvester memo
& Content-Type: multipart/mixed; boundary=bar
&
& --bar
& Content-Type: text/plain; charset=us-ascii
&
& Attached is a scan of the internal memo that proves the facts I
& talked to you about.
&
& --bar
& Content-Type: image/jpeg
& Content-Transfer-Encoding: base64
&
& [...]
&
& --bar--
-----END PGP MESSAGE-----
--foo--

--
Robbe
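
The receiving side of the scheme described in this message, as an added example that is not part of the original post or of any MUA: after decryption, headers found inside the crypto envelope replace the cleartext ones, and each displayed header is labelled with where it came from. The addresses, the sample messages, the PROTECTABLE list and the effective_headers() helper are assumptions made for illustration; decryption itself is out of scope, so the inner plaintext is supplied directly.

```python
from email import message_from_string

# Assumption: the headers a client lets the inner part override.
PROTECTABLE = ("From", "To", "Cc", "Subject", "Date", "Reply-To")

# Constructed sample: the outer message as it travels (layout from the post).
OUTER = """\
From: anon@example.org
To: John Doe <john@example.org>
Subject: <undisclosed>
Content-Type: multipart/encrypted;
 protocol="application/pgp-encrypted"; boundary=foo

--foo
Content-Type: application/pgp-encrypted

Version: 1

--foo
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(ciphertext placeholder)
-----END PGP MESSAGE-----
--foo--
"""

# Constructed sample: what decrypting the second part would yield.
INNER = """\
From: Fred Smith <fred@example.org>
Subject: the sylvester memo
Content-Type: text/plain; charset=us-ascii

Attached is a scan of the internal memo.
"""

def effective_headers(outer_raw, inner_raw):
    # Returns ({header: (value, origin)}, inner body) for display in the MUA.
    outer = message_from_string(outer_raw)
    inner = message_from_string(inner_raw)
    if outer.get_content_type() != "multipart/encrypted":
        raise ValueError("outer message is not multipart/encrypted")
    shown = {}
    for name in PROTECTABLE:
        if inner[name] is not None:      # private header wins
            shown[name] = (inner[name], "encrypted")
        elif outer[name] is not None:    # fall back to the public header
            shown[name] = (outer[name], "cleartext")
    return shown, inner.get_payload()
```

Carrying the origin label alongside each value lets a client show the user which headers were protected and which were readable in transit.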