> Its clear that this indicator has to be on the "inside", since you want the
> signature to be able to cover it. This then begs the question of whether
> it should be an attribute of the signature/encryption facility or of the
> MIME message/rfc822 content.
Putting the indicator the header exposes information about the message --
the decrypted contents of the message is supposed to replace the headers of
the message. Keeping it inside doesn't reveal this.
The header indicator would be on the _inner_ header, not the outer one.
This is no more revealing than anything else that's "inside".
> I personally favor a message/rfc822 parameter, but I can also see a case for
> putting it elsewhere. What do other people think? If there seems to be
> consensus that this needs to be on message/rfc822, I'd be happy to write
> a short draft defining such a parameter.
Maybe only the truly paranoid care about this, but it does violate a
security principle. Putting it inside the ciphertext probably complicates
the MUA's job, but I don't think it's a particularly daunting complication.
I'm talking about putting it inside the ciphertext (assuming encyption
is used, of course).
Amusingly enough, we've had objections in the past from security experts saying
that putting the MIME labelling of the encrypted content inside the encryption
is a Bad Thing. (Of course this didn't result in any changes.) So much for
agreement in principle ;-)
Ned