## page was renamed from HeaderEncryptionWithMemoryHole
## page was renamed from Status header Encryption with "Memory Hole"
= OpenPGPEmailSummit: Protected Headers / Memory Hole

//Memory Hole spec and documentation: [[https://github.com/modernpgp/memoryhole/]]// \\
Workshop at [[OpenPGPEmailSummit201512|2nd OpenPGP Email Summit, Dec 2015]] run by dkg

== Overview / Status

t.b.d.

== Workshop Notes

Parts of topic to regard: UI, Generation, Interpreting

=== General

* memhole headers have to be first mime part within email/protected area.
* protected email = memory hole signed/encrypted email ???

first memhole headers found within protected part of email should bubble out and be displayed to the user.

===Signed

====Generating

* Memhole for signed message easiest to accomplish, presentation available already in every mua
* Select headers to protect when signing:
  * From
  * To, CC
  * Date
  * Reply-To
  * Message-ID
  * References, In-Reply-To
* memoryhole header line, including memhole version
* include flag if first existing rfc822 part inside protected area should be interpreted as force-display header
* Order to interpret each line has protection info, starts with 0 exclude content-type! just from top level how to resolve differences

====Display/UI

* show that headers are memhole headers somehow
* show memhole headers according to mua style of showing (non) tampered signatures/emails
* when receiving emails with signed and unsigned parts, user should be able to show unsigned/"weird" parts of email. by default only display signed parts
* memhole is designed to ensure that the mime body of email is signed! (or at least some specific parts are signed)
* if memhole message protected only display protected/signed header lines.
* display in mua if (un)signed (=(un)protected) email is _not_ memhole protected!
  * strikeout
  * prefix text
  * click-to-display
  * color/background
  * frames
  * fonts (italics/bold)
  * icons

===Encryption

* including protected headers in encrypted part preempts splicing attack (combining headers from mail a and encrypted mail b)

====Generating

* Choose by yourself which headers to force-display and which are strippable when encrypting:
  * From
  * To, CC
  * Date
  * Reply-To
  * Message-ID
  * References, In-Reply-To
* memoryhole header line, including memhole version
* memhole headers may only appear in the first protected mime part or in the force-display section (text/rfc822-headers part)

====Displaying/UI

* how to communicate unencrypted headers (metadata) to the user?

===Open questions

* include/protect content-description in signed emails?
* email manifest/separate headers? -> discussion about manifests should be started/continued within mailing list
* how do I detect stubbing securely?
* non-stripped-encryption-protected-headers: how to display?
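
The receiving side of the notes above (the first memhole header part in the protected area bubbles out, and differences from the outer headers have to be resolved and shown), as an added Python example that is not part of the workshop notes or the Memory Hole spec. It assumes the signed area is the first subpart of multipart/signed and that the protected headers sit in a text/rfc822-headers part; the function names and status labels are hypothetical, and no signature is verified here.

```python
from email import message_from_string

# Header names from the page's "headers to protect" list.
PROTECTED = "From To Cc Date Reply-To Message-ID References In-Reply-To".split()

def protected_headers(msg):
    """Headers in the first MIME leaf of the signed area, else None."""
    if msg.get_content_type() != "multipart/signed":
        return None
    part = msg.get_payload(0)    # assumption: subpart 0 is the signed area
    while part.is_multipart():   # memhole headers must be the first part
        part = part.get_payload(0)
    is_hdr = part.get_content_type() == "text/rfc822-headers"
    return message_from_string(part.get_payload()) if is_hdr else None

def classify(raw):
    """Map header -> (status, value to display); the protected value wins."""
    msg, out = message_from_string(raw), {}
    inner = protected_headers(msg)
    for name in PROTECTED:
        o, i = msg.get(name), (inner.get(name) if inner is not None else None)
        if i is None:
            out[name] = ("unprotected" if o else "absent", o)
        else:
            out[name] = ("protected" if o and o.split() == i.split() else "mismatch", i)
    return out

# Constructed sample: outer From differs from the From in the signed area.
SAMPLE = """From: mallory@example.net
To: bob@example.org
Message-ID: <1@example.org>
Content-Type: multipart/signed; boundary="s"

--s
Content-Type: multipart/mixed; boundary="m"

--m
Content-Type: text/rfc822-headers

From: alice@example.org
To: bob@example.org
--m

Hello Bob.
--m--
--s
Content-Type: application/pgp-signature

--s--"""
```

A MUA would run a check like this only after the signature over the protected area has verified; a "mismatch" result is where the tampered-header display treatment from the Display/UI notes applies.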