crypto flaw in secure mail standards

Bram Cohen bram at
Fri Jun 22 17:35:49 EDT 2001

The problem here is that all the encrypted mail standards don't actually
send encrypted mail, they send encrypted files in mail. A *mail* message
consists of headers and a body. The right way to send encrypted mail is to
create a mail message, encrypt it headers and all, and include that in a
mail message of type multipart/alternative, with the alternative being a
text message saying 'this mail is encrypted'.

The sticky point is the Message-id header, which is generally tacked on by
the server. There are a couple ways it could be dealt with.

I recently did some digging into encrypted mail standards and was appalled
that they don't work that way. Reinventing how mail works is not something
one should do while giving it encryption. I raised a big stink about it on
coderpunks and said I'd make my own standard for encrypted mail before I'd
implement any of the existing ones, which I got a bunch of criticism
for. I didn't realize at the time that the existing ones are insecure in
addition to being stupid.

-Bram Cohen

"Markets can remain irrational longer than you can remain solvent"
                                        -- John Maynard Keynes

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list