On Sat, Sep 13, 2014 at 10:54 AM, Werner Koch <[email protected]> wrote:
> On Fri, 12 Sep 2014 19:48, [email protected] said: > > > 1) S/MIME doesn't fully protect users mail envelope metadata. For > example > > the recipient and envelope-sender must be visible to the intermediate > SMTP > > If you want that, it is easy to put the messaqge into a message/rfc822 > mail container and use faked subject and other mailer header. > Right I agree that there is a RFC5751 sec 3.1 ( http://tools.ietf.org/html/rfc5751#page-18 ) that mentions the message/rfc822, but unless I'm missing something one still has to specify the intended recipient, and a return path. Even if the body and most headers were wrapped hence private, an adversary could still find the sender/recipient information very useful. Another issue albeit a small one with message/rfc822, was what to do if the headers conflicted between the outer and inner messages. -Wei > > > Salam-Shalom, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > >
_______________________________________________ Endymail mailing list [email protected] https://www.ietf.org/mailman/listinfo/endymail
