On Fri, 2019-02-01 at 18:26 +0000, Paul Sutton wrote: > Hi > > Thunderbird + Enigmail has an option in "account settings" OpenPGP > Security to save a draft of a message with encryption, as expected > this > saves the draft but with a new subject as "Encrypted message" and it > appears in drafts as this. > > If you save the message, close the compose window, then go to > Drafts, > then reopen the message for more editing before sending the subject > remains as "Encrypted message" and you lose the original subject > header. > > I just wondered if this is what is meant to happen ? or is the > original > subject header supposed to be restored. Has anyone else noticed this.
I noticed this a few weeks or a month ago and took it to be a somewhat inelegant, maybe incompletely implemented, feature intended to improve metadata security. I believe "Encrypted message" also becomes the subject of the transmitted message. Exposure of the metadata showing who is in contact with whom, and when, is pretty much inescapable, but the subject line, which is not encrypted, also can provide useful information to an eavesdropper, even if she cannot decrypt the message body. This is noted in some PGP or GPG documentation I have seen, accompanied by recommendations to obscure the Subject: line and put the true subject within the body. Tom Dial > > System information > > Thunderbird 60.4.0 (64-bit) > > Enigmail 2.0.9 > > Distributor ID: Debian > Description: Debian GNU/Linux 9.7 (stretch) > Release: 9.7 > Codename: stretch > psutton@zleap:~$ > > Linux zleap 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 > GNU/Linux > > > Paul Sutton > > > >