ietf-smime

RE: The subject line leakage problem

2001-12-18 08:28:38

Jim:

The subject line issue is not a problem in the X.400 world.  SMTP carries 
the subject line in the envelope.  The corresponding X.400 protocols 
(P1, P3, and P7) do not.  In X.400, the subject line is part of the content.

X.400 does have similar issues with TO, CC, and FROM.  Both SMTP and X.400 
would like to integrity protect these.

Russ


At 09:40 PM 12/17/2001 -0800, Jim Schaad wrote:



At 1:37 PM -0800 12/17/01, Hallam-Baker, Phillip wrote:
On the 'replace other headers', the problem there is that we end up back in
the rat-hole. People will propose all sorts of random headers ad infinitum.

That doesn't matter because RFC 2822 allows you to add as many
ill-conceived headers as you want to a message.

And others will counter that there are integrity problems and then we have
the interop issue, etc.

There is no interop issue. What I proposed was that headers found in
the body part be *displayed* in the message, not substituted into the
message for storage. It's a user presentation hack, not a message
format hack.

I don't think that the problem is big enough to require a whole new S/MIME
spec to solve, just a minor tweak to implementations.

Fully agree.

--Paul Hoffman, Director
--Internet Mail Consortium


First, this is an issue for signed as well as encrypted messages.  You
want to protect the subject for signed messages as well as hide the
subject for encrypted messages.

Second, the solution of putting items here solves the problem for
MIME/Internet mail.  But I think that we need to ask the X.400
communities if they want the problem solved for them as well.

Third, I worry about what happens for forms type messages.  Using the
multipart may take care of this however.  We initially had a "bug" in
Microsoft Outlook Express where we place the 822 headers in the body of
the message, and then populated the display headers from this
information.  I agree that this is a bad solution and should not be
pursued.

Jim




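The display-only approach discussed in the thread (show headers found in the protected body part, leave the stored message untouched) can be sketched as follows. This is an added example, not code from any participant or mail client; it assumes the inner `message/rfc822` part has already been signature-verified or decrypted, and `wrap`, `roundtrip` and `display_headers` are hypothetical names.

```python
from email import message_from_string, policy
from email.message import EmailMessage

PROTECTED = ("Subject", "From", "To", "Cc")

def wrap(subject, sender, rcpt, body, outer_subject=None):
    """Carry the real headers in an inner message/rfc822 body part."""
    inner = EmailMessage()
    inner["Subject"], inner["From"], inner["To"] = subject, sender, rcpt
    inner.set_content(body)
    outer = EmailMessage()
    # Signed-only mail can repeat the subject; encrypted mail uses a placeholder.
    outer["Subject"] = subject if outer_subject is None else outer_subject
    outer["From"], outer["To"] = sender, rcpt
    outer.set_content(inner)          # becomes Content-Type: message/rfc822
    return outer

def roundtrip(msg):
    """Serialize and re-parse, as a mail store would."""
    return message_from_string(msg.as_string(), policy=policy.default)

def display_headers(stored):
    """Return (shown, mismatches); the stored message is never modified."""
    shown = {h: str(stored[h]) for h in PROTECTED if stored[h] is not None}
    mismatches = []
    if stored.get_content_type() == "message/rfc822":
        inner = stored.get_content()  # assumed already verified/decrypted
        for h in PROTECTED:
            if inner[h] is None:
                continue
            if h in shown and shown[h] != str(inner[h]):
                mismatches.append(h)  # outer header differs from protected one
            shown[h] = str(inner[h])  # display the protected value
    return shown, mismatches

if __name__ == "__main__":
    # Constructed sample message; addresses and subject are made up.
    stored = roundtrip(wrap("Q4 merger terms", "alice@example.com",
                            "bob@example.com", "See attached.\n",
                            outer_subject="(protected)"))
    print(display_headers(stored))
```

A client would surface `mismatches` to the user for signed mail, where the outer and protected values are expected to agree.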