Thomas Roessler, <roessler(_at_)guug(_dot_)de>, writes:

> The current draft states the following on the generation
> of Message-IDs:
>
> > The MessageID should not appear unless it is in a
> > multi-part message. If it appears at all, it MUST be
> > computed from the message in a deterministic fashion,
> > rather than contain a purely random value. This is to
> > allow anyone to determine that the MessageID cannot serve
> > as a covert means of leaking cryptographic key
> > information.
>
> I consider this to be a dangerous approach, since it may
> let _plaintext_ information leak to the public: Consider
> some (broken) implementation using an SHA1 hash of the
> message - to "prove" that some suspected plaintext is
> actually the one you have, you only need to have a look at
> the Message ID.

What it is trying to say is that any third party should be able to verify
the MessageID as a function of the message, so that nothing can be leaked.
This means that it can only be based on a deterministic function of the
armored data (or, equivalently, of the binary data which is armored).
Perhaps the wording could be clarified.

Hal
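An added illustration of the two points above, written for this thread rather than taken from the draft or either message: a MessageID computed over the armored data can be recomputed by any third party (so it cannot hide key material and reveals nothing beyond the ciphertext), whereas the plaintext-hash scheme Thomas describes lets an observer confirm a guessed plaintext from the ID alone. The armored text and plaintexts are constructed samples, not real OpenPGP data.

```python
import hashlib
import hmac

# Constructed sample of an armored message; the body is a placeholder,
# not a real OpenPGP packet. Only its bytes matter here.
ARMORED = (
    b"-----BEGIN PGP MESSAGE-----\n"
    b"\n"
    b"CONSTRUCTED-SAMPLE-CIPHERTEXT-BODY\n"
    b"-----END PGP MESSAGE-----\n"
)


def message_id_from_armored(armored: bytes) -> str:
    """Deterministic MessageID derived from the armored data only.

    Anyone holding the armored message can recompute this value, so the
    field cannot carry hidden key material. Because the hash input is
    the ciphertext, the ID also says nothing about the plaintext that
    the ciphertext itself does not already say.
    """
    return hashlib.sha256(armored).hexdigest()[:32]


def verify_message_id(armored: bytes, claimed_id: str) -> bool:
    """Third-party check: recompute the ID and compare it to the claimed one."""
    return hmac.compare_digest(message_id_from_armored(armored), claimed_id)


def broken_message_id_from_plaintext(plaintext: bytes) -> str:
    """The broken scheme in Thomas's objection: an SHA1 hash of the plaintext."""
    return hashlib.sha1(plaintext).hexdigest()


def confirms_plaintext_guess(observed_id: str, guess: bytes) -> bool:
    """Under the broken scheme, an observer with no key at all can confirm
    a suspected plaintext simply by hashing the guess and comparing."""
    return broken_message_id_from_plaintext(guess) == observed_id


if __name__ == "__main__":
    good_id = message_id_from_armored(ARMORED)
    print("verifiable from armored data:", verify_message_id(ARMORED, good_id))
    leaked_id = broken_message_id_from_plaintext(b"meet at noon")
    print("plaintext guess confirmed:", confirms_plaintext_guess(leaked_id, b"meet at noon"))
```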