[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The subject line leakage problem

To: "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>
Subject: Re: The subject line leakage problem
From: "Housley, Russ" <rhousley@xxxxxxxxxxxxxxx>
Date: Tue, 18 Dec 2001 09:42:21 -0500
Cc: ietf-smime@xxxxxxx
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@xxxxxxxxxxxx

Phil:

Thanks for raising this issue.

After the intended-recipients discussion, it was clear to me that several 
RFC 821 header lines needed various forms of protection.  The level of 
automated checking is different for each of them.  Some need 
confidentiality, and others do not (and cannot without disrupting the mail 
delivery).

I would like to steer this discussion toward a signed attribute (a CHOICE 
of IA5String and UTF8String (for international characters that are coming 
soon)).  The attribute would contain a subset of the header lines.

My initial cut at the header lines that ought to be included are FROM, TO, 
CC, SUBJECT, and DATE.  So, for Phil's message that started this thread, 
the attribute would contain:

     From: "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>
     To:
     Cc: ietf-smime@xxxxxxx
     Subject: The subject line leakage problem
     Date: Mon, 17 Dec 2001 10:34:39 -0800

I think that the content-hints attribute defined in RFC 2634 should be used 
to carry the real subject line when the RFC 821 header carries a masked 
subject line.

Russ

At 10:34 AM 12/17/2001 -0800, Hallam-Baker, Phillip wrote:
>All,
>
>         One of the ongoing problems with people using PGP is that people
put
>confidential information in the mail subject lines, eg:
>
>Subject: Proposed purchase of Excite@Home
>Subject: Your STD test results
>Subject: Planned head count reduction
>
>         etc.
>
>So over the years there have been plenty of fixes involving CMS encrypted
>attributes etc. which gets into the rat hole of what other headers to add
>in.
>
>So instead of that how about the following fix:
>
>1) A Best Current Practice Draft that says
>2) Clients SHOULD offer users the option of replacing the subject line on
>confidential messages and carrying the subject as the first line in the
body
>of the message.
>
>
>So the above message would become
>
>Subject: Confidential
>Subject: Confidential
>Subject: Confidential
>
>And when opened we get something like:
>
>Subject: Confidential
>
>Subject: Proposed purchase of Excite@Home
>
>Alice,
>         Yadda Yadda Yadda ....
>
>
>         So, no need for any modification of existing specs, complete
>backwards interop and the bug in the spec gets fixed.
>
>                 Phill
>
>Phillip Hallam-Baker FBCS C.Eng.
>Principal Scientist
>VeriSign Inc.
>pbaker@xxxxxxxxxxxx
>781 245 6996 x227
>
>
>

============================================================================
================
This e-mail, its content and any files transmitted with it are intended
solely for the addressee(s) and are PRIVILEGED and 
CONFIDENTIAL.  Access by any other party is unauthorized without the express
prior written permission of the sender.  If 
you have received this e-mail in error you may not copy, disclose to any
third party or use the contents, attachments or 
information in any way, Please delete all copies of the e-mail and the
attachment(s), if any and notify the sender. 
Thank You.
============================================================================
================

Prev by Date: RE: The subject line leakage problem
Next by Date: RE: The subject line leakage problem
Previous by thread: Re: The subject line leakage problem
Next by thread: RE: The subject line leakage problem
Index(es):
- Date
- Thread