Full instead of partial obscurance when replying
I would like to clarify how Header Field values are obscured when replying to messages. In particular, when a HF was obscured, but the replier's HCP leaves it unchanged.
E.g. see the example in Section C.2.2. of -20:
- Original message:
  - Outer: "Subject: [...]"
  - Inner: "Subject: Handling the Jones contract"
- Reply message:
  - Outer: "Subject: Re: [...]"
  - Inner: "Subject: Re: Handling the Jones contract"
And Section 2.5.8.1 states: "the composing MUA re-generates the Header Field using the source Header Fields from the values within the Cryptographic Payload of the reference message, as modified by the HP-Obscured or HP-Removed Header Fields."
Both of these suggest that "obscuring" in such a situation means that the value of the original "HP-Obscure" header should replace the confidential value (as a placeholder), but that any other values the replier wants to add can be retained. I call this "partial obscurance".
Instead of this "partial obscurance", I want to propose "full obscurance".
That is, in such a case (reference HF protected, but HCP leaves it unchanged), the replier should obscure the entire value. Since the HCP did not provide a placeholder value, the replier should reflect back the reference placeholder value. In the example above, the outer HF of the reply would become "Subject: [...]".
Reasons:
- It's sensible. It's what the original sender expects. Compare it with encryption of the email body: If Alice sends an encrypted email to Bob, the entire body of Bob's reply should be encrypted. "Partial obscurance" of the HF is akin to Bob encrypting the quoted part of the reply but leaving his answer unencrypted.
- Section 2.5.8.1, when saying "re-generates", might be understood in the sense that the replier -- instead of replacing the value -- takes the reference placeholder ("[...]") and re-applies some HF-specific rules. E.g. for the Subject HF, it prefixes the reference placeholder with "Re:".
  However, this does NOT work, not even for the Subject: many MUAs allow the user to edit the Subject when replying. The MUA simply prepopulates the reply's Subject UI element by prefixing "Re:". Thus by the time the HP code runs, it cannot simply "re-generate" it, since the user could have done arbitrary edits. Thus replacement is necessary.
This would require updating Sections 2.5.8.1 and C.2.2. I can make an MR, but wanted to ask for your thoughts first.
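
The two behaviours compared in the post, as an added example that is not part of the original post or of the draft: it computes the outer Subject of a reply under "partial" and "full" obscurance when the replier's HCP leaves the field unchanged. All function names are hypothetical, the edited reply subjects are constructed, "partial" is modelled as a plain substring swap (an assumption), and only the obscured case (not removal) is handled.

```python
# Added illustration: names below are hypothetical, not taken from the draft.

def hcp_unchanged(name, value):
    """Replier's HCP that leaves every Header Field as it is."""
    return value

def partial_obscurance(ref_inner, ref_outer, reply_inner):
    """Swap the confidential reference value for its placeholder and keep
    everything else in the reply value (one reading of 'partial')."""
    return reply_inner.replace(ref_inner, ref_outer)

def full_obscurance(ref_inner, ref_outer, reply_inner):
    """Reflect the reference placeholder back as the entire outer value."""
    return ref_outer

def reply_outer_value(name, ref_inner, ref_outer, reply_inner, hcp, rule):
    """Outer value of one Header Field in a reply (obscured case only)."""
    proposed = hcp(name, reply_inner)
    if proposed != reply_inner:
        return proposed            # the HCP supplied its own outer value
    if ref_outer == ref_inner:
        return proposed            # the reference did not protect this field
    return rule(ref_inner, ref_outer, reply_inner)

# Reference message from the Section C.2.2 example quoted in the post.
REF_INNER = "Handling the Jones contract"
REF_OUTER = "[...]"

# Constructed reply subjects: the MUA default, then two user edits.
REPLIES = [
    "Re: Handling the Jones contract",
    "Re: Handling the Jones contract (counter-offer attached)",
    "Re: Jones contract, revised terms",
]

def compare():
    """Return (inner, partial outer, full outer) for each constructed reply."""
    rows = []
    for inner in REPLIES:
        args = ("Subject", REF_INNER, REF_OUTER, inner, hcp_unchanged)
        rows.append((inner,
                     reply_outer_value(*args, partial_obscurance),
                     reply_outer_value(*args, full_obscurance)))
    return rows

if __name__ == "__main__":
    for inner, partial, full in compare():
        print(f"inner={inner!r}\n  partial={partial!r}\n  full={full!r}")
```

In the third constructed reply the reference value no longer appears verbatim, so the substring swap changes nothing and the edited Subject goes out unprotected, while full obscurance still yields "[...]".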