https://tanguy.ortolo.eu/blog/article74/encryption-desired-header en a blog about Debian and self-hosting Wed, 24 Oct 2012 09:10:00 +0000 PluXml https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1351069818-1 https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1351069818-1 @Dave : There should not, since someone that requests encrypted reply should also sign his original message, thus indicating his PGP ID. Now, since it would be relevant to merge my proposal with Aaron Toponce's, it would be possible, yes. Wed, 24 Oct 2012 09:10:00 +0000 Tanguy https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1351033807-1 https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1351033807-1 Would there be a need to specify a key to use for the encryption in the header (or an additional one)? Tue, 23 Oct 2012 23:10:00 +0000 Dave https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350981595-1 https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350981595-1 @Simon : I may be able to help, yes. Think you for the information. @qznc : Actually, this is the way Usenet control messages are signed, IIRC. Too bad it is not implemented by most user agents. Tue, 23 Oct 2012 08:39:00 +0000 Tanguy https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350973751-1 https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350973751-1 A somewhat related article about signing emails using mail headers: http://beza1e1.tuxen.de/articles/pgp_header.html Tue, 23 Oct 2012 06:29:00 +0000 qznc https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350648962-1 https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350648962-1 The OpenPGP header work is essentially done and the only reason it hasn't been pushed out as an RFC is lack of time. If you want to jump in and drive this, I'd be happy to add you as co-author if you do a review of the document. I think the BNF and references needs to be updated a bit to sync it with latest RFCs. Fri, 19 Oct 2012 12:16:00 +0000 Simon https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350644563-1 https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350644563-1 @niq : I am not sure: accepting encryption is not the same as asking for it. I already saw people that accepted encryption, but that preferred to receive cleartext messages. Fri, 19 Oct 2012 11:02:00 +0000 Tanguy https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350639653-1 https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350639653-1 Re: Anonymous@05:13 - Use not just the syntax, but the name. As in, Accept-Encryption: Or better, something to catch the imagination of the chattering classes: Accept-Security: [signing-methods] Accept-Privacy: [encryption-methods] Because everyone is in favour of security and privacy, right! Then we have scope for scenarios like a user's mailer to accept everything, but a mailinglist to disallow encryption (strip out that header) while still accepting signed mail. Fri, 19 Oct 2012 09:40:00 +0000 niq https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350632744-1 https://tanguy.ortolo.eu/blog/article74/encryption-desired-header/#c1350632744-1 @Philipp Kern : If it gets standardized, it will be listed in the IANA header list, but I guess you are right. @Nick, @Anonymous : Sorting the list would be enough and much more simple, in my opinion. @Aaron Toponce : Thanks, I shall contact its author to see if it would fit to complete his proposal. @Anonymous : Good idea, using the MIME types, I did not know traditional PGP had one. @Douglas : Well, unfortunately it cannot be generalized, there are people who sign their email but do not like encryption. Anyway, explicit is better than implicit. :-) Fri, 19 Oct 2012 07:45:00 +0000 Tanguy