Quoting Richard Atterer (deb-devel@list.atterer.net):
> * you can encrypt the subject line of an encrypted mail

Leave the subject out, mention it in the body?

> * you get protection against replay attacks; if a signed message is
>   intercepted and then delivered to someone else, then that person will
>   see a valid signature, but they may not realize that they were not the
>   intended recipient. E.g. imagine someone signing a single-line mail
>   saying "I agree to the terms of the contract we talked about"...

See the reply of Tollef Fog Heen.

> These in-message headers should really, really be supported by
> RFC2015-compliant mailers!

A 'Reply-To:' header is meant for mailers to be parsed, so they can set a
valid 'To:' address when replying. The body should not contain headers (you
know, the 'header', 'body' difference), and my MUA should not check if they
are there. An empty Cc: header is also rather useless, especially when it's
in the body; this should be parsed by _your_ MTA, so it can deliver
correctly.

This means a big part of the headers you include in the body are in the
wrong place. Even if you disregard the RFCs that say headers should be in
the header section, there are more than enough reasons to keep them there,
especially the machine-parsed ones.

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
<zarq> I screw everything that is loose or fixed and goes baaahhh