OpenPGPEmailSummit: Protected Headers / Memory Hole

Memory Hole spec and documentation: https://github.com/modernpgp/memoryhole/
Workshop at 2nd OpenPGP Email Summit, Dec 2015 run by dkg

Overview / Status

t.b.d.

Workshop Notes

Parts of the topic to regard: UI, Generation, Interpreting

General

  • memhole headers have to be in the first MIME part within the email/protected area.
  • protected email = memory hole signed/encrypted email -> the first memhole headers found within the protected part of the email should bubble out and be displayed to the user.

Signed

Generating

  • Memhole for signed messages is the easiest to accomplish; the presentation is available already in every MUA
  • Select headers to protect when signing:
    • From
    • To, CC
    • Date
    • Reply-To
    • Message-ID
    • References, In-Reply-To
    • memoryhole header line, including memhole version
  • include flag if first existing rfc822 part inside protected area should be interpreted as force-display header
  • Order to interpret each line has protection info, starts with 0 exclude content-type! just from top level how to resolve differences

Display/UI

  • show that headers are memhole headers somehow
  • show memhole headers accordingly to mua style of showing (non) tampered signatures/emails
  • when receiving emails with signed and unsigned parts, user should be able to show unsigned/"weird" parts of email. by default only display signed parts
  • memhole is designed to ensure that the mime body of email is signed! (or at least some specific parts are signed)
  • if memhole message: protected, only display protected/signed header lines.
  • display in MUA if (un)signed (=(un)protected) email is _not_ memhole protected! Options:
    • strikeout
    • prefix text
    • click-to-display
    • color/background
    • frames
    • fonts (italics/bold)
    • icons

Encryption

  • including protected headers in encrypted part preempts splicing attack (combining headers from mail a and encrypted mail b)
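As an added illustration (not part of the workshop notes or the Memory Hole spec) of the two rules above, the "first MIME part bubbles out" rule from the General section and the splicing check that including headers in the protected part makes possible: a constructed multipart/signed message is parsed, the headers on the first protected part are collected for display, and outer headers that disagree with the protected copy are reported. The version header name is assumed, and signature verification is assumed to have been done by the OpenPGP layer already.

```python
import email
from email import policy

# Headers the workshop listed as candidates for protection.
PROTECTED = ("From", "To", "Cc", "Date", "Reply-To", "Message-ID",
             "References", "In-Reply-To")
VERSION_HEADER = "X-MemHole-Version"  # assumed name for the memhole version line

# Constructed multipart/signed sample: the first inner part carries the protected
# headers; the signature part is a dummy (verification assumed done already).
SAMPLE = """\
From: {outer_from}
To: bob@example.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii
{version_header}: v1
From: alice@example.org
To: bob@example.org

hello
--b1
Content-Type: application/pgp-signature

(dummy signature)
--b1--
"""

def sample(outer_from="alice@example.org"):
    raw = SAMPLE.format(outer_from=outer_from, version_header=VERSION_HEADER)
    return email.message_from_string(raw, policy=policy.default)

def first_protected_part(msg):
    """Only the first MIME part inside the protected area may carry memhole headers."""
    part = msg.get_payload(0) if msg.get_content_type() == "multipart/signed" else msg
    while part.is_multipart():
        part = part.get_payload(0)
    return part

def bubble_out(msg):
    """Protected headers to display in place of the outer ones ({} if none)."""
    part = first_protected_part(msg)
    if part.get(VERSION_HEADER) is None:
        return {}
    return {h: str(part[h]) for h in PROTECTED if part.get(h) is not None}

def splice_check(msg):
    """Outer headers that disagree with the protected copy (a splicing sign)."""
    return {h: (str(msg[h]), v) for h, v in bubble_out(msg).items()
            if msg.get(h) is not None and str(msg[h]).strip() != v.strip()}
```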

Generating

  • Choose by yourself which headers to force-display and which are strippable when encrypting:
    • From
    • To, CC
    • Date
    • Reply-To
    • Message-ID
    • References, In-Reply-To
    • memoryhole header line, including memhole version
  • memhole headers may only appear in the first protected MIME part or in the force-display section (text/rfc822-headers part)

Displaying/UI

  • how to communicate unencrypted headers (metadata) to the user?

Open questions

  • include/protect Content-Description in signed emails?
  • email manifest/separate headers? -> discussion about manifests should be started/continued within the mailing list
  • how do I detect stubbing securely?
  • non-stripped-encryption-protected-headers: how to display?