[Top] [All Lists]

The subject line leakage problem

2001-12-17 11:34:09

        One of the ongoing problems with people using PGP is that people put
confidential information in the mail subject lines, eg:

Subject: Proposed purchase of Excite(_at_)Home
Subject: Your STD test results
Subject: Planned head count reduction


So over the years there have been plenty of fixes involving CMS encrypted
attributes etc. which gets into the rat hole of what other headers to add

So instead of that how about the following fix:

1) A Best Current Practice Draft that says
2) Clients SHOULD offer users the option of replacing the subject line on
confidential messages and carrying the subject as the first line in the body
of the message.

So the above message would become

Subject: Confidential
Subject: Confidential
Subject: Confidential

And when opened we get something like:

Subject: Confidential

Subject: Proposed purchase of Excite(_at_)Home

        Yadda Yadda Yadda ....

        So, no need for any modification of existing specs, complete
backwards interop and the bug in the spec gets fixed.


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
781 245 6996 x227

Attachment: Phillip Hallam-Baker (E-mail).vcf
Description: Binary data

<Prev in Thread] Current Thread [Next in Thread>