ietf-openpgp

Re: confidential subject lines -> use content description field w/ pgp/mime?

2000-06-06 18:04:21
From: ned(_dot_)freed(_at_)innosoft(_dot_)com
Subject: Re: confidential subject lines -> use content description field w/ pgp/mime?
Date: Sun, 04 Jun 2000 21:11:38 -0700 (PDT)
Message-ID: <01JQ7WIKK0280001I2(_at_)mauve(_dot_)mrochek(_dot_)com>

...

does that sound about right?

Yes, except that the protection extends to the envelope when you use BSMTP.
If all you want to protect is the header it is easier to just use a
message/rfc822 MIME encapsulation.

so to protect the confidentiality of the Subject header:

  sending side

  1) create a rfc 822 message (contains Subject)
  2) mime encapsulate the message
  3) encrypt (and optionally sign)
  4) send the message

  receiving side

  5) receive the message
  6) decrypt (and optionally verify signature)
  7) extract (recreate) the original message
  8) read as usual (can see the Subject)

right?

if there is no better method yet, imo, it would be a good idea for
this method of protecting headers to receive some kind of
"endorsement" (e.g. mentioned in the openpgp/mime or some other spec
for instance -- a separate document may be too much, but who
knows).

also, i noticed the following statement in a past (september 17th
1998) post by you in the archives:

  There are many applications where the envelope itself is sensitive and
  needs end-to-end protection.

but i did not notice any concrete examples of such applications.  would you
mind mentioning a few?

Two words: traffic analysis. Knowing who's getting a message is often enough to
tell you something even if the contents are obscured.

                                Ned
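
The eight-step procedure discussed in this message, as an added Python example that is not part of the original post or of any OpenPGP implementation. The names `protect` and `recover`, the placeholder outer Subject, the sample addresses and the caller-supplied `encrypt`/`decrypt` callables are assumptions; the base64 stand-in only lets the example run offline and is not encryption.

```python
import base64
from email import encoders, message_from_bytes, policy
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

def protect(inner, encrypt, visible_subject="(encrypted)"):
    """Sending side, steps 1-3: encapsulate the whole message, then encrypt."""
    wrapper = EmailMessage()
    wrapper.set_content(inner)             # becomes Content-Type: message/rfc822
    armored = encrypt(wrapper.as_bytes())  # caller-supplied OpenPGP step (assumed)
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name in ("From", "To"):            # routing headers stay in the clear
        outer[name] = str(inner[name])
    outer["Subject"] = visible_subject     # the real Subject exists only inside
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted",
                                 encoders.encode_7or8bit))
    outer.attach(MIMEApplication(armored, "octet-stream",
                                 encoders.encode_7or8bit))
    return outer.as_bytes()

def recover(wire, decrypt):
    """Receiving side, steps 6-7: decrypt, then extract the original message."""
    outer = message_from_bytes(wire, policy=policy.default)
    parts = outer.get_payload()
    if outer.get_content_type() != "multipart/encrypted" or len(parts) != 2:
        raise ValueError("not a two-part multipart/encrypted message")
    clear = decrypt(parts[1].get_payload(decode=True))
    wrapper = message_from_bytes(clear, policy=policy.default)
    if wrapper.get_content_type() != "message/rfc822":
        raise ValueError("decrypted data is not an encapsulated message")
    return wrapper.get_payload(0)

# Constructed stand-ins so the example runs offline. base64 gives NO
# confidentiality; substitute a real OpenPGP encrypt/decrypt pair.
standin_encrypt = base64.encodebytes
standin_decrypt = base64.decodebytes

def demo():
    inner = EmailMessage()                 # constructed sample message
    inner["From"] = "alice@example.org"
    inner["To"] = "bob@example.org"
    inner["Subject"] = "Merger timetable"
    inner.set_content("Draft attached.\n")
    wire = protect(inner, standin_encrypt)
    outer = message_from_bytes(wire, policy=policy.default)
    original = recover(wire, standin_decrypt)
    return wire, outer["Subject"], original["Subject"], original.get_content()
```

The outer From and To remain readable in transit, so this hides the Subject but not who is corresponding, which is the traffic-analysis concern raised at the end of the message.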