-----BEGIN PGP SIGNED MESSAGE-----
In <v03102801affc26f9a959(_at_)[10(_dot_)0(_dot_)2(_dot_)15]>, on 07/23/97
at 04:27 PM, Steve Schear <azur(_at_)netcom(_dot_)com> said:
It is obvious that descriptive email Subject lines can offer a potential
security leak, aiding traffic analysis and eavesdropping. Therefore
cautious crypto emailers either leave this line blank, use a
non-descriptive header line, etc.
Might it be possible to add a feature to the PGP cyphertext body so email
plug-ins could save the Subject line in the cyphertext, blank the email
field during transit and restore its value after decryption at the
receiptient end?
This can be doen quite easily by the client software as follows:
Create message
sign message
encrypt message with final recipiant's public key
Create new message where old message is a multipart/encrypted attachment.
[New Header multipart/mixed]
[message/rfc822]
[application/pgp-encrypted]
[application/octet-stream]
The only information in the header of the new message is that which is
need to deliver the message. After this new message has been created one
does the proper encryption wrapping for the remailer chain.
IMHO this all should be handled on the client end and really shouldn't
involve PGP at all.
- --
- ---------------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
- ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBM9Zy149Co1n+aLhhAQE/dAP/bBqmbtqANkxOf4JooXlqpOJEliGCrgzs
z2hnIPkKeeEf5DOTDMsyErS2KWQJG1+IuqmCOCR4fHbcv0dWaX7BwFo44XBz4z8O
NnpBKQ7EuhlxTjst+01JhT9INHSswucEwRE1e3eDLikX61aYnmzLC9COmSDuP8PZ
m0ttAAMiij0=
=0tWr
-----END PGP SIGNATURE-----