On Sat 2015-03-28 10:19:54 -0400, Albrecht Dreß wrote:
And I think it's not necessary if RFC 5751 would simply define that
the "inner" protected message container *must* have the same
Message-ID as the "outer" one. If anyone is concerned that this
violates the requirement of uniqueness (RFC 5322, sect. 3.6.4), the
inner container could have instead of the "Message-ID" (which is *not*
required!) something like a "Protected-Message-ID" with the same
value. If someone tampered with the "outer" message-id, the receiving
MUA could still detect this case by the presence of the
"Protected-Message-ID". This approach would *not* break compatibility
with existing implementations.
requiring the inner-message-id to be identical to the outer message-id
would mean that you would not be able to hide the message-id in an
encrypted message.
hiding the message-id would be useful, for example, when sending the
same message to multiple mailboxes, encrypted separately, but not
wanting the server operators to be able to link those messages together
as the same message.
--dkg
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp