On Thu, Apr 18, 2024 at 08:38:29PM -0400, Kurt Hackenberg wrote:
>
> DKIM already exists, and signs header fields. It publishes a key
> through DNS, and so is used by the administrator of the sending domain
> rather than by the end user. Is that acceptable?

Agree about DKIM, and about the general nastiness of putting headers in the message body (though I guess they are trying to solve problems at different layers; if I'm understanding the theoretical problem correctly, DKIM would pass since it's getting signed after the point where the message is received by the MTA?)

I hadn't known about the protected header feature for S/MIME / OpenPGP before this thread came up (though as mentioned elsewhere in the thread, it seems like mainline mutt already supports it going back 4-5 years... just defaulting to off and limited to the Subject header). Seems like it's based on this draft:

https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/

That said, IMO, adding (and especially enabling by default) support for draft RFCs that aren't yet standard / ratified has caused problems for mutt in the past (for example, the 'Mail-Followup-To' draft, which mutt, basically alone among MUAs, still supports, but which expired, and hasn't been updated since 1997)...

There's probably a balance of some kind to be struck between being appropriately concerned about security / not completely dismissing potential concerns, or being too slow to embrace new standards, but also not jumping too enthusiastically into solving theoretical problems that have complicated solutions.

While the examples outlined as possible problems seem maybe technically possible, to me, as described, they don't seem to equate to a very serious security problem, and in most cases, probably can be handled via common sense. Compared to the example of Thunderbird mentioned, I would say that mutt has a relatively more technical user-base, and one that may prioritize truth over beauty, esp. when it comes to email headers; sticking headers into the message body, but hiding them and / or rendering them in a different place seems kind of counter to Mutt's overall ethos.

It's odd to me that, since OpenPGP and S/MIME both support MIME encapsulation, the draft standard wouldn't use a separate MIME part to handle the protected headers vs. stuffing it at the top of the message body, which just seems kind of kludgy at best.

/w