ietf-openpgp

Re: [openpgp] signed/encrypted emails vs unsigned/unencrypted headers

2013-07-16 17:05:24
On 16/07/13 11:01, Werner Koch wrote:
> On Tue, 16 Jul 2013 10:28, infinity0(_at_)gmx(_dot_)com said:
>
>> Could you take a guess on why this feature is not used more? I haven't seen any
>
> The first question should be, why OpenPGP is not used more.  The subject
> fulfills an important task: It allows one to quickly sort and order
> messages.  An encrypted subject would require that you decrypt all
> messages even if you are not interested in them.  Further, support for
> arbitrary nested MIME structures seems to be broken in some MUAs.


I think those are separate questions. :p

Your argument about "would require decrypt" is not tight; it applies equally to 
the message contents ("you can't search yada"). This is a 
trade-security-for-convenience approach, which is asking for trouble even if 
you can't explicitly think of an attack.

For maximum security, all headers that have end-to-end semantics should be
added to the signed part of the message, and only the subset of these that are
actually necessary for email to work correctly should be sent in the clear.

For example, one could imagine an attack where you have 1000 messages in a 
thread with 10 people, then you could infer from the plaintext References: 
headers, a prediction on which of these 10 people are closely connected with 
each other. You can attack the plaintext To: header as I described in a 
previous post, and perhaps you can similarly attack the Subject: header even 
though right now it *seems* unimportant. A future application may use email
transport in a novel way and treat the Subject: header as having much more
valuable semantic meaning that affects application logic, wrongly assuming that
PGP sign+encrypt is "secure" in that area.

X
 

> Salam-Shalom,
>
>    Werner
>
>
> p.s.
> What I do is to use a nonsense subject line for encrypted messages.  This
> helps to remember the context of a mail thread while not revealing the
> content of the conversation.


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
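
The header split proposed in the reply above, sketched as an added example (not code from the thread or from any OpenPGP implementation): the end-to-end headers are copied into the part that would be signed and encrypted, only a subset stays in the clear, and the receiver compares the cleartext headers with the signed copies. The two header lists, the placeholder subject and the function names are assumptions, and the OpenPGP signing and encryption step itself is not performed.

```python
from email.message import EmailMessage

# Assumptions for illustration (neither list is from the thread): which headers
# carry end-to-end meaning, and which of those transport needs in the clear.
END_TO_END = ["From", "To", "Cc", "Subject", "Date", "Message-ID",
              "In-Reply-To", "References"]
NEEDED_IN_CLEAR = {"From", "To", "Cc", "Date", "Message-ID"}
PLACEHOLDER = "..."  # cleartext Subject; the real one stays inside


def split_headers(msg):
    """Return (inner, outer). inner carries every end-to-end header plus the
    body and is the part that would be signed and encrypted (the OpenPGP step
    is out of scope here); outer is the cleartext envelope."""
    inner, outer = EmailMessage(), EmailMessage()
    for name in END_TO_END:
        for value in msg.get_all(name, []):
            inner[name] = value
            if name in NEEDED_IN_CLEAR:
                outer[name] = value
    inner.set_content(msg.get_content())
    outer["Subject"] = PLACEHOLDER
    return inner, outer


def check_outer(inner, outer):
    """Receiver side, after the signature on inner has verified: name the
    cleartext headers that disagree with their signed copies."""
    problems = []
    for name in END_TO_END:
        shown = outer.get_all(name)
        if shown is None or (name == "Subject" and shown == [PLACEHOLDER]):
            continue  # withheld from the clear, nothing to compare
        if shown != inner.get_all(name):
            problems.append(name)
    return problems


def sample_message():
    """Constructed sample, not taken from the thread."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Lunch plans"
    msg["Message-ID"] = "<m3@example.org>"
    msg["References"] = "<m1@example.org> <m2@example.org>"
    msg.set_content("See you at noon.\n")
    return msg
```

A mail client would act on the values in `inner` and treat any name returned by `check_outer` as a cleartext header that was altered in transit.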