Today, a user is free to include a To:, From:, and Subject: field at
the beginning of his signed and encrypted message. We should make sure
we don't do anything in the process of MIME integration that prevents that.
Charlie,
In the PEM-MIME spec we've just released, the signed body part may be
any MIME type. to send a signed message, the spec permits either
encapsulating the entire message, including the headers, or just
protecting the text. The latter corresponds to the approach taken in
the current PEM (RFC 1421) spec. We intend to implement PEM-MIME so
that header are normally included.
As has been pointed out, usually only some of the header fields will
be available at the time of encapsulation, so the protected headers
may be To:, Cc: and Subject:, but the From: and Date: fields may not
be included. Of course, the identity of the signer will be known via
his/her dname.
Steve