From: kazu(_at_)iijlab(_dot_)net
Could (and should) any replacements for RFC2015 and RFC2311 be
amended
to allow RFC822 headers to be sent encrypted, and for the
decryption
process to swap any encrypted headers found with the corresponding
headers in the actual message?
To my best knowledge, there is a non-official scheme to do this. Here
is an example:
X-PGP-Sig: 2.6.3ia Subject,From,X-Mailer
iQCVAwUBM84wngE7m572a9utAQETEgQAwcL38QVdZbkHuW4Mblmje17deuI85R1j
4yGiDlb1enRDSUyGiLCmk8YphNDiLdKKlMV3Z0opzREUW9Q+sb8fr5s1QXMJhvXs
7hi7s4+V00rjgbqbqXVNiajKiKfVxd7JTRfe0UIZuOljnURP1ZCMlSRD1rDoCEAg
1vunQv6QYj4=
=hvn0
This is a header field to be stored in a header, mixed with fields to
be proteced such as Subject, From, and X-Mailer.
If you are interested, I will ack the author to explain his
experiences.
Of course, there's already a mature technology which uses PGP to
encapsulate message headers and contents, which replace the original
message headers and contents after decryption. It's used in the Type 1
Cypherpunk remailers. :-)
I'm not proposing that you should use this; it doesn't seem
appropriate.
But it is worth studying as a reference technology which achieves the
privacy goals being discussed her.