Protection mail at rest
Simon Josefsson
simon at josefsson.org
Wed Jun 4 10:24:15 EDT 2008
Victor Duchovni <Victor.Duchovni at morganstanley.com> writes:
> On Tue, Jun 03, 2008 at 04:37:20PM -0400, Eric Cronin wrote:
>
>>
>> On Jun 3, 2008, at 11:51 AM, Adam Aviv wrote:
>>
>> >Depending on the level of protection you want, you could just add a
>> >script to your .forward to encrypt your email before delivery using
>> >PGP/GPG. However, this will leave the headers in the clear, so you
>> >will likely want to create an entirely new envelope for the message
>> >with the original message encrypted as the body or an attachment.
>>
>> Does anybody have a recipe for this first mode handy? plain text e-
>> mails seem simple enough, but there needs to be a bit of MIME
>> unwrapping and rewrapping to correctly handle attachments so that the
>> client sees/decrypts them correctly I think. I've searched from time
>> to time and never found a good HowTo...
>
> S/MIME supports enveloped MIME objects, if PGP does not work out for MIME
> entities, you could try that. S/MIME is natively supported in Thunderbird,
> Apple Mail, and similar MUAs.

Actually, PGP/MIME uses the same high-level mechanism to wrap MIME
objects as S/MIME does: http://www.ietf.org/rfc/rfc1847.txt

The PGP/MIME description is in: http://www.ietf.org/rfc/rfc3156.txt

Specification wise both should work equally well, but implementation
quality may differ.

What is often overlooked is that the e-mail envelope (including the
Subject: header field) is not protected or even encrypted under RFC 3156
unless you forward the entire e-mail as a message/rfc822 MIME part
within the PGP/MIME (or S/MIME) message. Interoperability of that has
historically been poor, but the more modern MUAs should handle it today.

Writing a .forward proxy that wraps incoming e-mails into PGP/MIME
encrypted message/rfc822 attachments should be simple, probably simpler
than PGP/MIME wrapping all the individual MIME parts in the incoming
e-mail.

/Simon
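
The wrapping described in the message above, as an added example that is not part of the original post: the whole incoming e-mail becomes one message/rfc822 part, which is encrypted and placed in an RFC 3156 multipart/encrypted container. The names `wrap_message` and `gpg_encrypt`, the placeholder outer Subject, and a `gpg` binary with the recipient's public key in its keyring are assumptions.

```python
import subprocess
import sys
from email import message_from_bytes, policy
from email.mime.base import MIMEBase
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart

def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    """ASCII-armoured encryption to `recipient` with the local gpg binary."""
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--encrypt", "--recipient", recipient],
        input=plaintext, capture_output=True, check=True).stdout

def wrap_message(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Return a PGP/MIME message whose only content is the encrypted original."""
    # The complete incoming message, header fields included, becomes a single
    # message/rfc822 part, so Subject:, From: etc. end up inside the ciphertext.
    inner = MIMEMessage(message_from_bytes(raw))
    # Serialise with CRLF line endings (MIME canonical form) before encrypting.
    plaintext = inner.as_bytes(policy=policy.compat32.clone(linesep="\r\n"))
    ciphertext = encrypt(plaintext, recipient)

    # RFC 3156 section 4: multipart/encrypted with exactly two body parts.
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    control = MIMEBase("application", "pgp-encrypted")
    control.set_payload("Version: 1\n")
    data = MIMEBase("application", "octet-stream")
    data.set_payload(ciphertext.decode("ascii"))
    outer.attach(control)
    outer.attach(data)
    # Outer header fields stay in the clear, so they carry nothing from the
    # original (constructed placeholder values).
    outer["To"] = recipient
    outer["Subject"] = "Encrypted message"
    return outer.as_bytes()

if __name__ == "__main__":
    # Invoked from a .forward pipe: message on stdin, key owner in argv[1].
    sys.stdout.buffer.write(wrap_message(sys.stdin.buffer.read(), sys.argv[1]))
```

The script writes the wrapped message to stdout; handing it back to the local delivery agent depends on the mail setup and is left out.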