On 2014-08-17 at 01:41, Nicholas Cole wrote: > On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen <r...@sixdemonbag.org> > wrote: >> OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in >> this blogpost: OpenPGP can't protect your metadata, and that turns out >> to often be higher-value content than your emails themselves are. >> Further, exposed metadata is inherent to SMTP, which means this problem >> is going to be absolutely devilish to fix. > > That is true. But perhaps it would be a start if email clients > actually put the actual email (with subject and references headers > etc.) as an attachment to a bare email that contained only the minimal > headers for delivery. It wouldn't be a perfect solution, but it would > at least fix a certain amount of metadata analysis.
Well, afaik, there’s *no* MIME header which is required for delivery (maybe RFC says there is, but currently mail servers accepts mails with no headers at all). The headers that are needed for delivery are not MIME ones (the ones like “From:”, “To:”, “Date:”, “Message-Id:”, “Subject:”, etc.) but the SMTP one (the “MAIL FROM:” and “RCPT TO:”) which are separated. So I think mail clients could just send a void mail with just as much MIME informations to says its content is a MIME message (“message/rfc822” MIME type I think). Then things like the subject, the date, the message-id, the list of attached things, etc. would be protected. That makes less metadata, but it still leaks the more important: recipient and receiver. So the only way is to build an asynchronous communication system based on anonymity, like GNUnet’s doing.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
