ietf-smime

Re: The subject line leakage problem

2001-12-21 19:40:33


This is getting much more complicated than it needs to be, and is
likely to break interoperability with non-enhanced clients.

The simplest thing to do is to say:
- Senders should put the minimum that they want in the unprotected headers
- Senders include as much as they want protected in a
text/rfc822-header part at the beginning of a multipart/mixed message
- Enhanced clients should display the message with the headers from
the text/rfc822-header part moved to where the user thinks he/she
sees the headers. In the case of headers that are in both the 822
message and in the text/rfc822-header body part, the latter wins
(because it is protected)

Even simpler than this is to use message/rfc822. It has the advantage that
conformant MUAs are supposed to handle it. There is no such requirement for
text/rfc822-header.

- The moved-up headers may cause side-effects that the MUA should act
on. For example, if the Cc: in the 822 headers is "bill@example.com"
but the Cc: in the protected headers is "amy@example.com", the "reply
to all" action should include amy but not include bill.

The rules for header merging from message/partial can probably be applied
here.

                                Ned
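
The merge rule discussed in this message (the protected copy of a header wins, and "reply to all" is computed from the merged view), as an added example that is not part of the original post. It assumes S/MIME processing has already been done and the protected content is available as a message/rfc822 body; the sample message, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: outer (unprotected) headers, then a message/rfc822 body
# standing in for the protected content after signature/decryption handling.
SAMPLE = """\
From: sender@example.com
To: list@example.com
Cc: bill@example.com
Subject: [protected]
Message-ID: <constructed-1@example.com>
MIME-Version: 1.0
Content-Type: message/rfc822

From: sender@example.com
To: list@example.com
Cc: amy@example.com
Subject: Q3 planning notes

Body text.
"""

# Headers that describe the outer MIME container, not the message the user sees.
STRUCTURAL = {"mime-version", "content-type", "content-transfer-encoding"}

def effective_headers(outer):
    """Merge outer and protected headers; the protected copy wins on conflict."""
    if outer.get_content_type() != "message/rfc822":
        return list(outer.items())          # nothing protected to merge
    inner = outer.get_payload(0)            # the encapsulated message
    protected = {k.lower() for k in inner.keys()}
    merged = [(k, v) for k, v in outer.items()
              if k.lower() not in protected and k.lower() not in STRUCTURAL]
    merged.extend(inner.items())
    return merged

def reply_all_recipients(outer):
    """Addresses for "reply to all", taken from the merged header view only."""
    fields = [v for k, v in effective_headers(outer)
              if k.lower() in ("from", "to", "cc")]
    seen, result = set(), []
    for _, addr in getaddresses(fields):
        if addr and addr.lower() not in seen:
            seen.add(addr.lower())
            result.append(addr)
    return result

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print(effective_headers(msg))
    print(reply_all_recipients(msg))
```

Outer-only headers such as Message-ID survive the merge; a client that built the recipient list from the outer headers alone would address bill instead of amy.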