
RE: The subject line leakage problem



Jim:

The subject line issue is not a problem in the X.400 world.  SMTP carries 
the subject line in the envelope.  The corresponding X.400 protocols 
(P1, P3, and P7) do not.  In X.400, the subject line is part of the content.

X.400 does have similar issues with TO, CC, and FROM.  Both SMTP and X.400 
would like to integrity protect these.

Russ


At 09:40 PM 12/17/2001 -0800, Jim Schaad wrote:


> >
> > At 1:37 PM -0800 12/17/01, Hallam-Baker, Phillip wrote:
> > >On the 'replace other headers', the problem there is that we end up back in
> > >the rat-hole. People will propose all sorts of random headers ad infinitum.
> >
> > That doesn't matter because RFC 2822 allows you to add as many
> > ill-conceived headers as you want to a message.
> >
> > >And others will counter that there are integrity problems and then we have
> > >the interop issue, etc.
> >
> > There is no interop issue. What I proposed was that headers found in
> > the body part be *displayed* in the message, not substituted into the
> > message for storage. It's a user presentation hack, not a message
> > format hack.
> >
> > >I don't think that the problem is big enough to require a whole new S/MIME
> > >spec to solve, just a minor tweak to implementations.
> >
> > Fully agree.
> >
> > --Paul Hoffman, Director
> > --Internet Mail Consortium
> >
>
>First, this is an issue for signed as well as encrypted messages.  You
>want to protect the subject for signed messages as well as hide the
>subject for encrypted messages.
>
>Second, the solution of putting items here solves the problem for
>MIME/Internet mail.  But I think that we need to ask the X.400
>communities if they want the problem solved for them as well.
>
>Third, I worry about what happens for forms type messages.  Using the
>multipart may take care of this however.  We initially had a "bug" in
>Microsoft Outlook Express where we placed the 822 headers in the body of
>the message, and then populated the display headers from this
>information.  I agree that this is a bad solution and should not be
>pursued.
>
>Jim




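The display-only approach discussed in this thread, as an added example that is not part of the original messages: headers carried in the protected body part are shown to the user while the stored message is left untouched, and outer TO/CC/FROM/Subject values that disagree with the protected copy are reported. Assumptions: the body part is a `message/rfc822` entity, the S/MIME signing or encryption layer is omitted, and the function names, placeholder subject and sample addresses are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

PROTECTED = ("Subject", "From", "To", "Cc")  # headers named in the thread

def wrap(inner_headers, text, outer_subject="(protected)"):
    """Build the stored message: real headers travel inside the body part.

    Assumption: the body part is a message/rfc822 entity. In S/MIME this inner
    entity is what would be signed or encrypted; the crypto layer is omitted.
    """
    inner = EmailMessage()
    for name, value in inner_headers.items():
        inner[name] = value
    inner.set_content(text)

    outer = EmailMessage()
    for name in ("From", "To", "Cc"):       # still needed outside for handling
        if name in inner_headers:
            outer[name] = inner_headers[name]
    outer["Subject"] = outer_subject         # real subject stays out of the outer headers
    outer.set_content(inner)                 # becomes Content-Type: message/rfc822
    return outer.as_bytes()

def display_view(stored):
    """Return (shown, differs) for the UI; the stored bytes are never rewritten."""
    outer = message_from_bytes(stored, policy=policy.default)
    shown = {n: str(outer[n]) for n in PROTECTED if outer[n] is not None}
    differs = []
    if outer.get_content_type() == "message/rfc822":
        inner = outer.get_payload(0)
        for n in PROTECTED:
            if inner[n] is None:
                continue
            if n in shown and shown[n] != str(inner[n]):
                differs.append(n)            # outer copy disagrees with protected copy
            shown[n] = str(inner[n])         # display the protected value
    return shown, differs

if __name__ == "__main__":
    # Constructed sample message.
    raw = wrap({"From": "alice@example.org", "To": "bob@example.org",
                "Subject": "Q4 acquisition terms"}, "See attached.\n")
    print(display_view(raw))
```

For an encrypted message the Subject entry in `differs` is expected, since the outer value is only a placeholder; for a signed message any entry means the outer header was not what the sender protected.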