All, One of the ongoing problems with people using PGP is that people put confidential information in the mail subject lines, eg: Subject: Proposed purchase of Excite@Home Subject: Your STD test results Subject: Planned head count reduction etc. So over the years there have been plenty of fixes involving CMS encrypted attributes etc. which gets into the rat hole of what other headers to add in. So instead of that how about the following fix: 1) A Best Current Practice Draft that says 2) Clients SHOULD offer users the option of replacing the subject line on confidential messages and carrying the subject as the first line in the body of the message. So the above message would become Subject: Confidential Subject: Confidential Subject: Confidential And when opened we get something like: Subject: Confidential Subject: Proposed purchase of Excite@Home Alice, Yadda Yadda Yadda .... So, no need for any modification of existing specs, complete backwards interop and the bug in the spec gets fixed. Phill Phillip Hallam-Baker FBCS C.Eng. Principal Scientist VeriSign Inc. pbaker@xxxxxxxxxxxx 781 245 6996 x227
Attachment:
Phillip Hallam-Baker (E-mail).vcf
Description: Binary data