ietf-smime

RE: The subject line leakage problem

2001-12-17 22:41:10



At 1:37 PM -0800 12/17/01, Hallam-Baker, Phillip wrote:
On the 'replace other headers', the problem there is that we end up
back in the rat-hole. People will propose all sorts of random headers
ad infinitum.

That doesn't matter because RFC 2822 allows you to add as many 
ill-conceived headers as you want to a message.

And others will counter that there are integrity problems and then we
have the interop issue, etc.

There is no interop issue. What I proposed was that headers found in 
the body part be *displayed* in the message, not substituted into the 
message for storage. It's a user presentation hack, not a message 
format hack.

I don't think that the problem is big enough to require a whole new
S/MIME spec to solve, just a minor tweak to implementations.

Fully agree.

--Paul Hoffman, Director
--Internet Mail Consortium


First, this is an issue for signed as well as encrypted messages.  You
want to protect the subject for signed messages as well as hide the
subject for encrypted messages.

Second, the solution of putting items here solves the problem for
MIME/Internet mail.  But I think that we need to ask the X.400
communities if they want the problem solved for them as well.

Third, I worry about what happens for forms type messages.  Using the
multipart may take care of this however.  We initially had a "bug" in
Microsoft Outlook Express where we placed the 822 headers in the body of
the message, and then populated the display headers from this
information.  I agree that this is a bad solution and should not be
pursued.

Jim
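
Added example, not part of the original thread: a sketch of the display-only approach described above, where selected headers from the protected body part are overlaid when the message is rendered and the stored message is never rewritten. The allow-list, the function name and both sample messages are constructed assumptions, and the protected part is assumed to be already decrypted or signature-verified.

```python
from email import message_from_string
from email.policy import default

# Hypothetical allow-list: only these protected headers may be shown,
# which keeps arbitrary inner headers out of the display.
DISPLAYABLE = ("subject",)

# Constructed sample: outer message as stored, with a placeholder subject.
OUTER = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Subject: (encrypted message)\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
    "\n"
    "<ciphertext omitted>\n"
)

# Constructed sample: the protected body part after decryption/verification.
PROTECTED = (
    "Subject: Q4 acquisition plan\n"
    "X-Priority: 1\n"
    "Content-Type: text/plain\n"
    "\n"
    "Details follow.\n"
)


def display_view(outer_raw, protected_raw, allowed=DISPLAYABLE):
    """Return (headers_to_show, overridden) for rendering only.

    overridden maps each header whose outer value differed from the
    protected one to that outer value, so a client can flag the mismatch.
    The stored message (outer_raw) is never modified.
    """
    outer = message_from_string(outer_raw, policy=default)
    inner = message_from_string(protected_raw, policy=default)
    shown = {name.lower(): str(value) for name, value in outer.items()}
    overridden = {}
    for name in allowed:
        values = inner.get_all(name) or []
        if len(values) != 1:
            continue  # absent or ambiguous: keep the outer value
        value = str(values[0])
        if shown.get(name) != value:
            overridden[name] = shown.get(name)
        shown[name] = value
    return shown, overridden
```
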