One issue that comes up again and again is the question of signed
email headers. Isn't there an obvious solution -- nest an email
message within a PGP/MIME message -- complete with the headers that
you want to protect?
Message gateways could still add headers as usual as the message went
across the net, and of course the To: and From: lines etc. would need
to be on the outer message as well, but client software could warn
users if (for example) the subject line had been changed or the To and
From lines were different.
openpgp mailing list