On 16/07/13 09:16, Werner Koch wrote:
On Tue, 16 Jul 2013 10:06, infinity0(_at_)gmx(_dot_)com said:
On 03/07/13 00:22, Ximin Luo wrote:
What's the current status of this in the PGP/MIME standard? Is it still a
problem? I notice that email subject headers are in a similar situation, and
users have complained about it.[3] The problem of
unencrypted/unauthenticated
recipient is less obvious, so I haven't seen user complaints, but
potentially
There is a simple and standard conform way to tackle this:
message/rfc822 - all covered by PGP/MIME.
FWIW, PGP/MIME allows you to do encrypt-then-sign or any other
combination - if you really want that. PGP/MIME is a well thought out
and matured system created 17 years ago.
Thanks, I will take a look.
Could you take a guess on why this feature is not used more? I haven't seen any
emails that use it (either an encrypted To: or Subject: field), either because
no emails actually use it, or perhaps it's my client's fault for not displaying
it correctly.
As mentioned in a previous link, it includes a security issue due to
surreptitious forwarding of signed messages to unintended recipients. So I
would've thought people writing these PGP email clients would've taken it into
account.
X
--
GPG: 4096R/5FBBDBCE
https://github.com/infinity0
https://bitbucket.org/infinity0
https://launchpad.net/~infinity0
signature.asc
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp