ietf-822

Do S/MIME and OpenPGP protect message headers?

2011-12-28 09:33:56
Hi,

just to check: S/MIME (http://tools.ietf.org/html/rfc5751) does not include/cover the 5322.From and the 5322.To fields as part of the cryptographic payload. Protection of headers can be achieved by wrapping up the complete message into a message/rfc822 bodypart and signing/encrypting that (par. 3.1 of that RFC). How is that with OpenPGP (http://tools.ietf.org/html/rfc4880)? OpenPGP does not protect 5322.From and 5322.To either, does it?

Par. 5.11 of RFC4880:

   A User ID packet consists of UTF-8 text that is intended to represent
   the name and email address of the key holder.  By convention, it
   includes an RFC 2822 [RFC2822] mail name-addr, but there are no
   restrictions on its content.  The packet length in the header
   specifies the length of the User ID.


The recipient address is not mentioned anywhere. So is the following statement correct?:

Neither S/MIME nor OpenPGP protects the '5322.headers' of a message, unless that message itself is wrapped up and used as body of an enclosing S/MIME or PGP message

/rolf
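
The wrapping the post describes, as an added example that is not part of the original message: it builds the bytes a signature would cover with and without the message/rfc822 wrapper, and shows that only the wrapped form lets a verifier notice changed outer From/To fields. The HMAC is a stand-in for a real S/MIME or OpenPGP signature, and the key, addresses, function names and the header comparison in `check` are assumptions made for the illustration.

```python
import hashlib
import hmac
from email import message_from_bytes, policy
from email.message import EmailMessage

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key


def tag(entity: bytes) -> bytes:
    # HMAC stands in for the CMS/OpenPGP signature over the signed MIME entity.
    return hmac.new(KEY, entity, hashlib.sha256).digest()


def plain_entity(body: str) -> bytes:
    """Signed entity without wrapping: Content-* headers and body only."""
    part = EmailMessage()
    part.set_content(body)
    return part.as_bytes(policy=policy.SMTP)


def wrapped_entity(sender: str, rcpt: str, body: str) -> bytes:
    """Signed entity is a message/rfc822 part holding the complete message."""
    inner = EmailMessage()
    inner["From"], inner["To"] = sender, rcpt
    inner.set_content(body)
    wrapper = EmailMessage()
    wrapper.set_content(inner)  # Message payload becomes message/rfc822
    return wrapper.as_bytes(policy=policy.SMTP)


def check(outer_from: str, outer_to: str, entity: bytes, sig: bytes) -> str:
    """Verify the tag, then say whether the outer From/To are backed by it."""
    if not hmac.compare_digest(tag(entity), sig):
        return "bad-signature"
    part = message_from_bytes(entity, policy=policy.SMTP)
    if part.get_content_type() != "message/rfc822":
        return "valid-but-headers-unsigned"
    inner = part.get_payload(0)
    signed = (str(inner["From"]), str(inner["To"]))
    if signed != (outer_from, outer_to):
        return "outer-headers-differ-from-signed-copy"
    return "valid-headers-match"


if __name__ == "__main__":
    a, b, m = "alice@example.org", "bob@example.org", "mallory@example.net"
    for e in (plain_entity("Pay invoice 42\n"),
              wrapped_entity(a, b, "Pay invoice 42\n")):
        print(check(a, b, e, tag(e)), "|", check(m, b, e, tag(e)))
```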