| < draft-autocrypt-lamps-protected-headers-00.txt | draft-autocrypt-lamps-protected-headers-01.txt > | |||
|---|---|---|---|---|
| openpgp B.R. Einarsson | openpgp B.R. Einarsson | |||
| Internet-Draft Mailpile ehf | Internet-Draft Mailpile ehf | |||
| Intended status: Informational . juga | Intended status: Informational . juga | |||
| Expires: 7 May 2020 Independent | Expires: 7 May 2020 Independent | |||
| D.K. Gillmor | D.K. Gillmor | |||
| ACLU | ACLU | |||
| 4 November 2019 | 4 November 2019 | |||
| Protected Headers for Cryptographic E-mail | Protected Headers for Cryptographic E-mail | |||
| draft-autocrypt-lamps-protected-headers-00 | draft-autocrypt-lamps-protected-headers-01 | |||
| Abstract | Abstract | |||
| This document describes a common strategy to extend the end-to-end | This document describes a common strategy to extend the end-to-end | |||
| cryptographic protections provided by PGP/MIME, etc. to protect | cryptographic protections provided by PGP/MIME, etc. to protect | |||
| message headers in addition to message bodies. In addition to | message headers in addition to message bodies. In addition to | |||
| protecting the authenticity and integrity of headers via signatures, | protecting the authenticity and integrity of headers via signatures, | |||
| it also describes how to preserve the confidentiality of the Subject | it also describes how to preserve the confidentiality of the Subject | |||
| header. | header. | |||
| skipping to change at page 3, line 27 ¶ | skipping to change at page 3, line 27 ¶ | |||
| Headers . . . . . . . . . . . . . . . . . . . . . . . . . 24 | Headers . . . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| 9.3. Signed and Encrypted Message with Protected Headers and | 9.3. Signed and Encrypted Message with Protected Headers and | |||
| Legacy Display Part . . . . . . . . . . . . . . . . . . . 27 | Legacy Display Part . . . . . . . . . . . . . . . . . . . 27 | |||
| 9.4. Multilayer Message with Protected Headers . . . . . . . . 30 | 9.4. Multilayer Message with Protected Headers . . . . . . . . 30 | |||
| 9.5. Multilayer Message with Protected Headers and Legacy | 9.5. Multilayer Message with Protected Headers and Legacy | |||
| Display Part . . . . . . . . . . . . . . . . . . . . . . 34 | Display Part . . . . . . . . . . . . . . . . . . . . . . 34 | |||
| 9.6. An Unfortunately Complex Example . . . . . . . . . . . . 36 | 9.6. An Unfortunately Complex Example . . . . . . . . . . . . 36 | |||
| 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 41 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 41 | |||
| 11. Security Considerations . . . . . . . . . . . . . . . . . . . 41 | 11. Security Considerations . . . . . . . . . . . . . . . . . . . 41 | |||
| 11.1. Subject Leak . . . . . . . . . . . . . . . . . . . . . . 41 | 11.1. Subject Leak . . . . . . . . . . . . . . . . . . . . . . 41 | |||
| 11.2. Signature Replay . . . . . . . . . . . . . . . . . . . . 41 | 11.2. Signature Replay . . . . . . . . . . . . . . . . . . . . 42 | |||
| 11.3. Participant Modification . . . . . . . . . . . . . . . . 42 | 11.3. Participant Modification . . . . . . . . . . . . . . . . 42 | |||
| 12. Privacy Considerations . . . . . . . . . . . . . . . . . . . 42 | 12. Privacy Considerations . . . . . . . . . . . . . . . . . . . 43 | |||
| 13. Document Considerations . . . . . . . . . . . . . . . . . . . 43 | 13. Document Considerations . . . . . . . . . . . . . . . . . . . 43 | |||
| 13.1. Document History . . . . . . . . . . . . . . . . . . . . 43 | 13.1. Document History . . . . . . . . . . . . . . . . . . . . 43 | |||
| 14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 43 | 14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 43 | |||
| 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 43 | 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 44 | |||
| 15.1. Normative References . . . . . . . . . . . . . . . . . . 43 | 15.1. Normative References . . . . . . . . . . . . . . . . . . 44 | |||
| 15.2. Informative References . . . . . . . . . . . . . . . . . 44 | 15.2. Informative References . . . . . . . . . . . . . . . . . 44 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 45 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46 | |||
| 1. Introduction | 1. Introduction | |||
| E-mail end-to-end security with OpenPGP and S/MIME standards can | E-mail end-to-end security with OpenPGP and S/MIME standards can | |||
| provide integrity, authentication, non-repudiation and | provide integrity, authentication, non-repudiation and | |||
| confidentiality to the body of a MIME e-mail message. However, PGP/ | confidentiality to the body of a MIME e-mail message. However, PGP/ | |||
| MIME ([RFC3156]) alone does not protect message headers. And the | MIME ([RFC3156]) alone does not protect message headers. And the | |||
| structure to protect headers defined in S/MIME 3.1 ([RFC3851]) has | structure to protect headers defined in S/MIME 3.1 ([RFC3851]) has | |||
| not seen widespread adoption. | not seen widespread adoption. | |||
| skipping to change at page 4, line 48 ¶ | skipping to change at page 4, line 48 ¶ | |||
| * _MUA_ is short for Mail User Agent; an e-mail client. | * _MUA_ is short for Mail User Agent; an e-mail client. | |||
| * _Protection_ of message data refers to cryptographic encryption | * _Protection_ of message data refers to cryptographic encryption | |||
| and/or signatures, providing confidentiality, authenticity or | and/or signatures, providing confidentiality, authenticity or | |||
| both. | both. | |||
| * _Cryptographic Layer_, _Cryptographic Envelope_ and _Cryptographic | * _Cryptographic Layer_, _Cryptographic Envelope_ and _Cryptographic | |||
| Payload_ are defined in Section 3 | Payload_ are defined in Section 3 | |||
| * _Original Headers_ are the [RFC2822] message headers as known to | * _Original Headers_ are the [RFC5322] message headers as known to | |||
| the sending MUA at the time of message composition. | the sending MUA at the time of message composition. | |||
| * _Protected Headers_ are any headers protected by the scheme | * _Protected Headers_ are any headers protected by the scheme | |||
| described in this document. | described in this document. | |||
| * _Exposed Headers_ are any headers outside the Cryptographic | * _Exposed Headers_ are any headers outside the Cryptographic | |||
| Payload (protected or not). | Payload (protected or not). | |||
| * _Obscured Headers_ are any Protected Headers which have been | * _Obscured Headers_ are any Protected Headers which have been | |||
| modified or removed from the set of Exposed Headers. | modified or removed from the set of Exposed Headers. | |||
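Review bot: The reference list needs a matching [RFC5322] entry (and no orphaned [RFC2822] one) to go with the citation swapped in at the Original Headers bullet; the references section is not visible in this diff, so please confirm it was updated in the same revision. The bullet just above it also still ends "are defined in Section 3" without a full stop in both versions.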
| skipping to change at page 7, line 34 ¶ | skipping to change at page 7, line 34 ¶ | |||
| 3.1. Cryptographic Layers | 3.1. Cryptographic Layers | |||
| "Cryptographic Layer" refers to a MIME substructure that supplies | "Cryptographic Layer" refers to a MIME substructure that supplies | |||
| some cryptographic protections to an internal MIME subtree. The | some cryptographic protections to an internal MIME subtree. The | |||
| internal subtree is known as the "protected part" though of course it | internal subtree is known as the "protected part" though of course it | |||
| may itself be a multipart object. | may itself be a multipart object. | |||
| For PGP/MIME [RFC3156] there are two forms of Cryptographic Layers, | For PGP/MIME [RFC3156] there are two forms of Cryptographic Layers, | |||
| signing and encryption. | signing and encryption. | |||
| In the diagrams below, "↧" (DOWNWARDS ARROW FROM BAR, U+21A7) is used | In the diagrams below, "↧" (DOWNWARDS ARROW FROM BAR, U+21A7) | |||
| to indicate "decrypts to". | indicates "decrypts to". | |||
| 3.1.1. PGP/MIME Signing Cryptographic Layer (multipart/signed) | 3.1.1. PGP/MIME Signing Cryptographic Layer (multipart/signed) | |||
| └┬╴multipart/signed | └┬╴multipart/signed | |||
| ├─╴[protected part] | ├─╴[protected part] | |||
| └─╴application/pgp-signature | └─╴application/pgp-signature | |||
| 3.1.2. PGP/MIME Encryption Cryptographic Layer (multipart/encrypted) | 3.1.2. PGP/MIME Encryption Cryptographic Layer (multipart/encrypted) | |||
| └┬╴multipart/encrypted | └┬╴multipart/encrypted | |||
| skipping to change at page 21, line 29 ¶ | skipping to change at page 21, line 29 ¶ | |||
| modifications, and permits cryptographically-capable legacy MUAs to | modifications, and permits cryptographically-capable legacy MUAs to | |||
| handle encrypted messages without any modifications. | handle encrypted messages without any modifications. | |||
| In particular, the Legacy Display part described in {#legacy-display} | In particular, the Legacy Display part described in {#legacy-display} | |||
| makes it feasible for a conformant MUA to generate messages with | makes it feasible for a conformant MUA to generate messages with | |||
| obscured Subject lines that nonetheless give access to the obscured | obscured Subject lines that nonetheless give access to the obscured | |||
| Subject header for recipients with legacy MUAs. | Subject header for recipients with legacy MUAs. | |||
| 8.2. The Content-Type Property "forwarded=no" {forwarded=no} | 8.2. The Content-Type Property "forwarded=no" {forwarded=no} | |||
| [I-D.draft-ietf-lamps-header-protection-requirements-00] contains a | Section A.1.2 of | |||
| [I-D.draft-ietf-lamps-header-protection-requirements-01] refers to a | ||||
| proposal that attempts to mitigate one of the drawbacks of the scheme | proposal that attempts to mitigate one of the drawbacks of the scheme | |||
| described in S/MIME 3.1 (Section 8.1). | described in S/MIME 3.1 (Section 8.1). | |||
| In particular, it allows _non-legacy_ clients to distinguish between | In particular, using the Content-Type property "forwarded="no"" | |||
| deliberately forwarded messages and those intended to use the defined | allows _non-legacy_ clients to distinguish between deliberately | |||
| structure for header protection. | forwarded messages and those intended to use the defined structure | |||
| for header protection. | ||||
| However, this fix has no impact on the confusion experienced by | However, this fix has no impact on the confusion experienced by | |||
| legacy clients. | legacy clients. | |||
| 8.3. pEp Header Protection | 8.3. pEp Header Protection | |||
| [I-D.draft-luck-lamps-pep-header-protection-03] is applicable only to | [I-D.draft-luck-lamps-pep-header-protection-03] is applicable only to | |||
| signed+encrypted mail, and does not contemplate protection of signed- | signed+encrypted mail, and does not contemplate protection of signed- | |||
| only mail. | only mail. | |||
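Review bot: The new sentence in 8.2 writes the parameter as "forwarded="no"", and the nested double quotes read as a typo next to the heading, which spells it "forwarded=no". Use one spelling throughout, for example forwarded="no" without the outer quotes. Both versions also still show unrendered anchor markup, {forwarded=no} in the 8.2 heading and {#legacy-display} in the paragraph before it; these should become real section references.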
| skipping to change at page 23, line 20 ¶ | skipping to change at page 23, line 22 ¶ | |||
| 9. Test Vectors | 9. Test Vectors | |||
| The subsections below provide example messages that implement the | The subsections below provide example messages that implement the | |||
| Protected Header scheme. | Protected Header scheme. | |||
| The secret keys and OpenPGP certificates from | The secret keys and OpenPGP certificates from | |||
| [I-D.draft-bre-openpgp-samples-00] can be used to decrypt and verify | [I-D.draft-bre-openpgp-samples-00] can be used to decrypt and verify | |||
| them. | them. | |||
| They are provided in textual source form as [RFC2822] messages. | They are provided in textual source form as [RFC5322] messages. | |||
| 9.1. Signed Message with Protected Headers | 9.1. Signed Message with Protected Headers | |||
| This shows a clearsigned message. Its MIME message structure is: | This shows a clearsigned message. Its MIME message structure is: | |||
| └┬╴multipart/signed | └┬╴multipart/signed | |||
| ├─╴text/plain ← Cryptographic Payload | ├─╴text/plain ← Cryptographic Payload | |||
| └─╴application/pgp-signature | └─╴application/pgp-signature | |||
| Note that if this message had been generated without Protected | Note that if this message had been generated without Protected | |||
| Headers, then an attacker with access to it could modify the Subject | Headers, then an attacker with access to it could modify the Subject | |||
| without invalidating the signature. Such an attacker could cause Bob | without invalidating the signature. Such an attacker could cause Bob | |||
| to think that Alice wanted to cancel the contract with BarCorp | to think that Alice wanted to cancel the contract with BarCorp | |||
| instead of FooCorp. | instead of FooCorp. | |||
| Received: from localhost (localhost [127.0.0.1]); | Received: from localhost (localhost [127.0.0.1]); | |||
| Sun, 20 Oct 2019 09:18:28 -0400 (UTC-04:00) | Sun, 20 Oct 2019 09:18:28 -0400 (UTC-04:00) | |||
| MIME-Version: 1.0 | MIME-Version: 1.0 | |||
| Content-Type: multipart/signed; boundary="904b809781"; | Content-Type: multipart/signed; boundary="1790868a14"; | |||
| protocol="application/pgp-signature"; micalg="pgp-sha512" | protocol="application/pgp-signature"; micalg="pgp-sha512" | |||
| From: Alice Lovelace <alice@openpgp.example> | From: Alice Lovelace <alice@openpgp.example> | |||
| To: Bob Babbage <bob@openpgp.example> | To: Bob Babbage <bob@openpgp.example> | |||
| Date: Sun, 20 Oct 2019 09:18:11 -0400 | Date: Sun, 20 Oct 2019 09:18:11 -0400 | |||
| Subject: The FooCorp contract | Subject: The FooCorp contract | |||
| Message-ID: <signed-only@protected-headers.example> | Message-ID: <signed@protected-headers.example> | |||
| --904b809781 | --1790868a14 | |||
| Content-Type: text/plain; charset="us-ascii" | Content-Type: text/plain; charset="us-ascii" | |||
| From: Alice Lovelace <alice@openpgp.example> | From: Alice Lovelace <alice@openpgp.example> | |||
| To: Bob Babbage <bob@openpgp.example> | To: Bob Babbage <bob@openpgp.example> | |||
| Date: Sun, 20 Oct 2019 09:18:11 -0400 | Date: Sun, 20 Oct 2019 09:18:11 -0400 | |||
| Subject: The FooCorp contract | Subject: The FooCorp contract | |||
| Message-ID: <signed-only@protected-headers.example> | Message-ID: <signed@protected-headers.example> | |||
| Bob, we need to cancel this contract. | Bob, we need to cancel this contract. | |||
| Please start the necessary processes to make that happen today. | Please start the necessary processes to make that happen today. | |||
| Thanks, Alice | Thanks, Alice | |||
| -- | -- | |||
| Alice Lovelace | Alice Lovelace | |||
| President | President | |||
| OpenPGP Example Corp | OpenPGP Example Corp | |||
| --904b809781 | --1790868a14 | |||
| content-type: application/pgp-signature | content-type: application/pgp-signature | |||
| -----BEGIN PGP SIGNATURE----- | -----BEGIN PGP SIGNATURE----- | |||
| wnUEARYKAB0FAl2sXpMWIQTrhbtfozp14V6UTmPyMVUMT0fjjgAKCRDyMVUMT0fj | wnUEARYKAB0FAl2sXpMWIQTrhbtfozp14V6UTmPyMVUMT0fjjgAKCRDyMVUMT0fj | |||
| jjvKAPwOVIBTcSVKcji7kBw0ljyBwpOgoQ7UGaY6cINfhGg5HAEA4jjbHaEuGZ29 | jq3uAP4/K66bZXT4jFsmKLztz2Ihxjftgf3TaeD2uL05yWdJAQEAjRdWIh35C6MP | |||
| WDTKxW/exLlcW1WqY0fva3t6jbniyQI= | utqkLnFeLpkTwrMnncdF/G+so/yXvQA= | |||
| =IsHn | =UMd4 | |||
| -----END PGP SIGNATURE----- | -----END PGP SIGNATURE----- | |||
| --904b809781-- | --1790868a14-- | |||
| 9.2. Signed and Encrypted Message with Protected Headers | 9.2. Signed and Encrypted Message with Protected Headers | |||
| This shows a simple encrypted message with protected headers. The | This shows a simple encrypted message with protected headers. The | |||
| encryption also contains an signature in the OpenPGP Message | encryption also contains an signature in the OpenPGP Message | |||
| structure. Its MIME message structure is: | structure. Its MIME message structure is: | |||
| └┬╴multipart/encrypted | └┬╴multipart/encrypted | |||
| ├─╴application/pgp-encrypted | ├─╴application/pgp-encrypted | |||
| └─╴application/octet-stream | └─╴application/octet-stream | |||
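Review bot: The Message-ID rename in 9.1 from signed-only@ to signed@ is applied to both the exposed header and the copy inside the signed part, and the signature block is regenerated to match, but the new ID no longer says this is the signed-only vector and nothing in the visible text records why it changed. Either keep the more descriptive ID or note the rename in the Document History, and re-verify the new signature against the sample key before publishing. The 9.2 introduction carried into -01 still has the typo "an signature".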
| skipping to change at page 25, line 51 ¶ | skipping to change at page 25, line 51 ¶ | |||
| --bcde3ce988 | --bcde3ce988 | |||
| content-type: application/pgp-encrypted | content-type: application/pgp-encrypted | |||
| Version: 1 | Version: 1 | |||
| --bcde3ce988 | --bcde3ce988 | |||
| content-type: application/octet-stream | content-type: application/octet-stream | |||
| -----BEGIN PGP MESSAGE----- | -----BEGIN PGP MESSAGE----- | |||
| wV4DR2b2udXyHrYSAQdAk4rw/q9TK6dtIBm42jF6Z7z34KmNIDAKF4v4f09n5l0w | wV4DR2b2udXyHrYSAQdAifmSGlN6dUG8WjtsDsVf3RoFUu69cEhUQyVMaUBEaSAw | |||
| OAgtdmIHyUu3ZOHSb8cFRbjAGQ3RcgIAe4DdsZIy/m9eLEDXEzf9yMSufBtap6xb | EAtGxmoM2YY6y/87UXI2USJMj9PiFn7RuV0pAFVT6NwMAY1JgLX5qoSdKXuLZ9CA | |||
| wcDMA3wvqk35PDeyAQwAgFIzERxgt1aZlcA29Ds10pv0Y3oZ5yKvMNxd+WEEZNcT | wcDMA3wvqk35PDeyAQv9HNVhvGMSyCXZjsu5LlLGPF/6XHnk3PtunCo8GpUd7Mg9 | |||
| rJBOFNlhek5/9/nkATGiDBaKOsu5o9VyDfKMAV0TYwZxuMgUNtvVpf0XL21dghYt | zVDS0zK+dtePYHNgKZ47KLDBgu6XInVBWeeSkImaWjFirTmqp/GP20urKQ/phSkC | |||
| KVqEHeOTXzprUBdztG4Lp4e0vsG0jPZS+CvTLjbcvO+/lzb314mwN8s8vZiQ7Vlj | vI88cEH+fCqeFxDcL5tb0RLm3/iv707CHvoOM2qCbV8WDSSvNY2FGlJZqqGO3mkE | |||
| DxubIqKypY3jL66U0Acwk85IsXdK4CB4nousr2JFK3Y3zv7cQBtPKHEG8HkmvT0R | VhZFytVop12c/L5+PltIS0/P25KMoSuIIb9xenAncyLZ1a2M/NsgZjBqWeXFfQnZ | |||
| tl0QoAkdHfw0q4rpc6183FA9e8EUV88XRJrKIYn86IaTPuMkp8ULWSsboalkJH3J | ssMK1xOvNIYNxUzEws+U6un74OE5sBZeZCvM/nIf50iXvEQMxoc/MX2XFUA9Scid | |||
| rSq8kzAFFd/A6G8wSj/hVpH6U+NBGW3Z/DQnRmwHqSJfu/Tnue6TFLdDN1EYzk/L | +bmy9nZCit0KQNk4ikrshgtxmG6xJfMv1IpnscQwMy9KfOAhnrVWFVHpzr+K7mXb | |||
| Nlr4YsH6eIB8v3H4u6kY/SwhHCv/F0jItHYVSsIeJz81L0vh28H6hLIMvSDFofJP | yHHF4Ov1Cl2FvwHU6DujaoApkn/xg5BjbRZxfRfVF7LvZ3UJJ/v1XzGLv5LTL8Fr | |||
| fBgIJfZIJ8nzgFpLphVpk0mcI7jHElxEPRg/M5Lmlav9srYHbKbJ0LT67Z9AFnZB | 1S+Ql69M8yvftMiZ799dNgOT7jc4CY5yN7P2YQn5Z3Nm/gUWcGwuqwQecw0hs/87 | |||
| LHRa/p1eZnjpTxrYU2qZ0sHaAS0MB1TwpiucDRH2VN1z8vSKb1qizJ6ZH3qT3zQ8 | yCQzkDHAC62LL6+zHqc20sHbAeuQHcGttI9Vu8rEO+5OeDr3WjTB/UXvLKr/G9ty | |||
| EAf6Lar5B6l3v/WwhjMPgu/pLlvZgDAo0cWkBYqzWpOcwviAeC7OwqnZY9/BFm/F | LUpaYYwFtNgMaRAg0niMV9xfwTFjLBmNkq/8N0mAOsZSO9lMZyUIfBiFbw5yWNzx | |||
| RefFysUIu7fWpvBbKtdch9lhb3baetWKI9uAwsaublwgSGZ4dBR2hfVaX72/8oDW | TuKxZymZ3ts6ywvKOgzLNgF+AdtTQk5nkNIsh7Fd02RSl9heF3t47FXVSvBSo5KI | |||
| 3oJoUvlw59J1r5Ai1l1YtyU8ctNGT2CqbKp6OgVzqm8BOhyQS1ayjMNU0VJs0s3N | FXuznjzK7VNl8fTp9MpBwp00Dai3jtKGQ3/XGiD4l/wa/QxfffojPAZ9UZpgA2Xx | |||
| BJ0B1rctk5QykDAu3rVf+sgyqzQ7ohFqlG0W/7haocAQqW++Wy9PW/n0oNAuwugv | Uw3W4+zCNZNJ35QME6I2ysKwbgAQGFeKM57lLXrmIJWU7KEIDnc1MCBwsSt50yB8 | |||
| W4zisCSB916z7whso00e1Ee3Fl7xgubzrGCHU3JNO5X73+gQHZ+jzuyGdBM5NTxd | kIdSPXxK/Jon2wbATUN8Uuo3oLA2dpH8XncjrkqTooNjkK3uPrGNphDBVSMA5W5Z | |||
| UcT89ekkd9XqfR2kJrhgiUOe15znWks5JB6VGKWfz2kp2wu1AVxSkbii1Qk/tRhX | deHc9NmzETXLBPysc0LHWMUO8g4YnWB4sLq9ZBxTYYX9CYRJvdB8EZN4Dq+IUDVK | |||
| PUpHGwkin41WCPlUFA6xMLk9RmLjer2Wkg9zYosnzEIHdPj+WisWY86NRSZ/tJiw | W7Hu8oFkPRqU7oVa+utiZq5YvTXbIMJBWdUa8r8zlwz0jVsUJGBIPDWhs8Yse2JX | |||
| qZvzNwIgkzvqs1T/8aU5Z5rUOqI1l0Kd+tVjlkPyLrZOrvEeYwOwbAzlCdLxsCdq | 54dNJRAy2X5M3KM1S2Aat1gHl35cft5pLYLp5/gs7GYgybhYfgXbcbBHE6/XTAtg | |||
| pY4ckpU/kMbfXXk21YWYFKDCopT7iRkuzDYlyGN4w/LPKQCMZrQxSms9uPNU5XG7 | L7ZbzN+AEDu24uPQaTN5jUA8MfQIkksRgIhZN3N8NBVltv4t+tbtIiaLLaQ/7Wdd | |||
| Au4yYdZVMkCLuLQ0kktuLe/CCX4bX82eF/AJ5DEFxWB3CT8FbVhdKrQ2RrLKwE7b | X0BINwZxhBZHEtjljqf4VE4RlWpMriW+ezcrPU3zEcM62knjeCLCh9iseAuz1J1o | |||
| 0jBdmT3NoJMtCbq68TBJO3MmOu6AaW7cD4INREbiD+Vr8ukqsnWkFiJ3NigQiT/4 | R1o4DKwlVY9dJZigguO9kzz+K9n1/mpn8orV9kn5FyH9vs9ZF+RQiSHgpoZ3TKER | |||
| PppJ2bAABRy9Gloa434PN3zgoWzmv80EfyNbZNfY7nGAOhAzBs8FqhrOY2WIBTp+ | iy4T7WPV1WzyPSTmlKktOGjgJ5nszKw8YarMjtXYiPNOShBWuBTxBeSyjCLhZ85m | |||
| YEkvEjS5YOwgEj1/zcHts1pOWczY/AfVi2sLkCT8FqsNlfPPebdR4Oq+CEav/M52 | YAhS1znrJ9CzX3jjaZTHTd/5gYN7wVByUlw9OkyN2QQRFl6fg1xN6Tb79oGxDqh/ | |||
| A+CS0s7j1gklNfNd | BHb6PBgDtwnGmHdDmw== | |||
| =87qA | =rTjd | |||
| -----END PGP MESSAGE----- | -----END PGP MESSAGE----- | |||
| --bcde3ce988-- | --bcde3ce988-- | |||
| Unwrapping the Cryptographic Layer yields the following content: | Unwrapping the Cryptographic Layer yields the following content: | |||
| Content-Type: text/plain; charset="us-ascii" | Content-Type: text/plain; charset="us-ascii" | |||
| From: Alice Lovelace <alice@openpgp.example> | From: Alice Lovelace <alice@openpgp.example> | |||
| To: Bob Babbage <bob@openpgp.example> | To: Bob Babbage <bob@openpgp.example> | |||
| Date: Mon, 21 Oct 2019 07:18:11 -0700 | Date: Mon, 21 Oct 2019 07:18:11 -0700 | |||
| Subject: BarCorp contract signed, let's go! | Subject: BarCorp contract signed, let's go! | |||
| Message-ID: <signed+encrypted@protected-headers.example> | Message-ID: <signed+encrypted@protected-headers.example> | |||
| Hi Bob! | Hi Bob! | |||
| I just signed the contract with BarCorp and they've set us up with an account | I just signed the contract with BarCorp and they've set us up with | |||
| on their system for testing. | an account on their system for testing. | |||
| The account information is: | The account information is: | |||
| Site: https://barcorp.example/ | Site: https://barcorp.example/ | |||
| Username: examplecorptest | Username: examplecorptest | |||
| Password: correct-horse-battery-staple | Password: correct-horse-battery-staple | |||
| Please get the account set up and apply the test harness. | Please get the account set up and apply the test harness. | |||
| Let me know when you've got some results. | Let me know when you've got some results. | |||
| skipping to change at page 28, line 21 ¶ | skipping to change at page 28, line 21 ¶ | |||
| headers, it will likely render the Legacy Display part for him so | headers, it will likely render the Legacy Display part for him so | |||
| that he can at least see the originally-intended "Subject:" line. | that he can at least see the originally-intended "Subject:" line. | |||
| For this message, the session key is an AES-256 key with value | For this message, the session key is an AES-256 key with value | |||
| "95a71b0e344cce43a4dd52c5fd01deec5118290bfd0792a8a733c653a12d223e" | "95a71b0e344cce43a4dd52c5fd01deec5118290bfd0792a8a733c653a12d223e" | |||
| (in hex). | (in hex). | |||
| Received: from localhost (localhost [127.0.0.1]); | Received: from localhost (localhost [127.0.0.1]); | |||
| Mon, 21 Oct 2019 07:18:39 -0700 (UTC-07:00) | Mon, 21 Oct 2019 07:18:39 -0700 (UTC-07:00) | |||
| MIME-Version: 1.0 | MIME-Version: 1.0 | |||
| Content-Type: multipart/encrypted; boundary="73c8655345"; | Content-Type: multipart/encrypted; boundary="8f1c37571f"; | |||
| protocol="application/pgp-encrypted" | protocol="application/pgp-encrypted" | |||
| From: Alice Lovelace <alice@openpgp.example> | From: Alice Lovelace <alice@openpgp.example> | |||
| To: Bob Babbage <bob@openpgp.example> | To: Bob Babbage <bob@openpgp.example> | |||
| Date: Mon, 21 Oct 2019 07:18:11 -0700 | Date: Mon, 21 Oct 2019 07:18:11 -0700 | |||
| Message-ID: <signed+encrypted+legacy-display@protected-headers.example> | Message-ID: <sign+enc+legacy-display@protected-headers.example> | |||
| Subject: ... | Subject: ... | |||
| --73c8655345 | --8f1c37571f | |||
| content-type: application/pgp-encrypted | content-type: application/pgp-encrypted | |||
| Version: 1 | Version: 1 | |||
| --73c8655345 | --8f1c37571f | |||
| content-type: application/octet-stream | content-type: application/octet-stream | |||
| -----BEGIN PGP MESSAGE----- | -----BEGIN PGP MESSAGE----- | |||
| wV4DR2b2udXyHrYSAQdAS0G0tRGi0cGe2INISDT7xS8b5e1iezXzXuFOrAa1fWgw | wV4DR2b2udXyHrYSAQdARLfz+1WBB1rOgBFbyrPQXZkCoiK/aA7SpG8mY39S8Tow | |||
| JK32KLaTpnHegkEVB/cdMLMEEq56BkktxtC94YNSoeKJOTmNPhR+YWLruWRmZoAk | cuEVQ1/a4B0VfwiKMyXomehg4GMo7akIAd7nh1LIG26eW+JeEjOJLhjrcg4x5Cg/ | |||
| wcDMA3wvqk35PDeyAQv6Ag30fne2jVFaH+oStUEoX/BEaclWJfpIgu9Ex5SYLmEg | wcDMA3wvqk35PDeyAQv9Hu30CZtCMGeHCVyvPeZZuYUWtHDADt4Wo3rg5va5bUu1 | |||
| tNHJtLMbKWYKQHhpMiyONeVvfgkus8cPZMtpc+eZEP9FaEdQ69CqkB9Cmqt4Hs2q | nZCV/7vo9worPUvhN+qqLP0t4l0KbdklNofLKggJt/+LgJ/IvJv4KhwK6PR10Cba | |||
| yNk14ec0KtL9/b5IPx4rVBrBuFSqxxiS0r0bMsTvKss1p4UGgPN9UPhJSj4dsmDP | Lu2uyzUJK33WKCnvPzqsgEuE4OmbGcIZki3Bo+hKLgr0wS1sNi5okybM5JMmrqTw | |||
| w+gLkxsUKL6i37QJIOmarMawS4iK7/MN+GbjzlMduw/VuLV80DYgIt4l96E9xJ+1 | GXEmHdtohx4/YFsAJ++b4WEWb26jflBbj7NwyXdAESb/lcxi5ZKqXerRJiaN2X/x | |||
| u7S6/TKXyUSuxG1Wo+3tCEpy+hTKeS8mYnjD8OYVF5To+TCMnznCiEEwebd44ild | O/CiwZwSw3LA7VlCwN8Jb9AR4KjjFHIi6pUOp5S7Iz0Hs0juA6862gsuOrfGN8q8 | |||
| 54Bt4QS/G+x/s/aSFRM8pN2O8qz5D5sy+Mzp4dG6w/9fAhIt9mp8W/6Vn+Cgy8kD | 1KkTUPwAw0lQSnSpMxsnRS3+zv1aeWnm8K+bt1Q0E/Nl1E0GYtwiEBLVWX1ZQYCr | |||
| 0dHy3pN5dVavmsBqzy0uaf4xAoLLJZQBzyR+0UWygUyfc2N6VHkXo+S30LhSfkJO | DgrgFBl3/kvx8e+L+b6bEF9GVckZSGrkzJJeMx1JzGaR5MtkEJThsZAlyrJVpMuf | |||
| BMNKqkCaUoLFlHQLstZXETfXMJzpuUySH99ZTeyVnfB/eiEr9CByQqTeN9Uqtu0R | un4N1Xy11G3IWNMCl8SfvPdnaSrytVej2s3ItL+0sxy3wi4hhCXle/YJuFwPTbEP | |||
| QYWEpTvvYei/vJCNDBqT0sIxAftxmF/H2K4hCW2qD3eE/zSe2PpabgStHmfdZrcx | G8jkjJknuVd/6kxf85mT0sI1AfS//hCeieoyi9cjeBVGh39z7bonD2bSp5RfYKI5 | |||
| X1sdOYZ7nOE0L3J/zE3jASEyQUZHr5rdt/RI5qwD2a7zirp8RNAyvk93InQuseX7 | ANj5ANV+hWeB8TGmI7Ka6OOU/43MuilIRAu79M+XnFjMqDQWmRLhydgkThdc63+l | |||
| mgHADtk9LdNTWumiUd8pvm/ChXoRKvqjSV7mHpdBil0D4JKpZTGAQieP4fF71IYw | LTt4jZRnUI2IjxsZ5Bgc13agpWzsStJcjRYz8QWOoANc+A74MCX75gsFn8NbQknR | |||
| 4E+VwiZZKIDSiYMUEljA3U7+M9siELlvKRACrrPZKr6OE58JywlIgRdewzroMWIO | xa/rXpMEF6TulvgCtV/tDCXOv2hnpu+JhIqwLgKIspJih60R8oSIr5qzX3B4AAcc | |||
| HoNJ4EOzij5rJfd6fAF4A3lH3wRu8dcuqrKwK2DhL+as1Zc/AABZD9Ov8t97/A/t | 8Lr3cGrlohVtMDUYUkQF81+KsBWKJZWEvhZdQZC2nSzJSx5hgmw0D6ybYSGuCh9Z | |||
| b6jWJqVAVWilgarv9wwI4icN6q9hdwPZF5OaLgvpskGAtG3z51vkJuAiMogWP2Iv | MyZbH38HJnwkZQWUYPyg4ui8XFi0PVY1WignaF6l0D0DhklzgkzO0Ey1BvEu4Zdg | |||
| T0GuamZb5177yH5ShtowlTZN6D5WR7ShYbdHAPKRWFcYz4S9b7UZiWH1Ts2lHglJ | jkfUjYD4VnXNd4UyIwycfo8myrx3fqd5WcZRJmX9Njhlwn3a4l0adZlTIG9S0ytP | |||
| 5mUbpTI1EvJFO1nwUcVLTuqB2N7lwVvD0oM9lSDcgUmrS04lqBDEax1V+PoKXYAi | VW9jijjGQ+IhizH+Q4jErcEuHJhNDCD0xOIpjQz68/NDm94BDmI2dyr07YOrQEQa | |||
| Q0z3eH6EDzw0xYWZhiBjgvor2qmGuIEqjBa+5qIOMrzBZK+7y0KOlkgaPik0BeYB | ahDl7vMfMFQVncGp4zY0kYmNDOPSG3djCU5OhKA6dRz8cmigxvW0/CzMrOArMso3 | |||
| jC/107Us+5i7c3EfQXj4K5XP72/SR0KC9cr//q9tRBOGki8yVicyOGbtSGsNgul/ | oW+EjldvkQIgeDwodARO8OLKKdQBQhcWIV4G3R8oaLXDxbP/3XAx7eU53jPi0ahW | |||
| 5T0VlrTecw+3ZOH4mQRGCJmxkes1amdDeklISfBeOe+LBx/tjkyixeXeh05i1doy | PbcD7IfHdrVVTyKLcolb0MqnP12gtnCmOwqWSA3D0aeuRGxIKCLnMVMID3I7OVjb | |||
| n9VY/utOqu3Oo6XnTWktxajuhfvwSA2wNB/JnRFqu8QEVmqVzD/jwNvsvETQC83j | 1PMpXs4EsgIuVxWbm0qibVrw9yYd/4xRKKdZqYP+PCSo4aQEMzW7U+mWiZUmDE07 | |||
| GPKYo+P1PpAHeqRs4tMq18JQzzytXzr5llLp26qT4Sgul+8tqafkfS6zGL1xShMQ | 4xzZlTd1qBRUgBKdteNjOcZ859hPZGREuG++JKBrL5Yr/kVBf8UFGLPES+8vslg3 | |||
| V1uMtoAt5KBfO4nfiGUAiZeR2RqRrT4YLHEZvpblIE8y7l3y8WV8gdiFfOXZ21mg | zMQ9K2FO50o4LxYyaKZEW9ihk2BbGB60+hiimtbpWjqZ79qZZ3PJqzd2Au7da7x4 | |||
| gGntqnxU0hrC0IggGVBBY7zHVrcQxJOGsnAsqhQJpVBSnP0YgyrKCEVgDF4ibPBz | jKhOSvFAoLyze+8l2m+8uzGAQTh/1k6e3O6UcwdrV5Z4i41LZp2qdD7WBSfZD1tv | |||
| y2bRxKP4es0advuEVKGAHULhzoV26Siz8h9MkeI6o+d28vestHng++2DsmCrdpSv | IdvtbwnZ7YlLr/X0ESERPW4WWrDlHq4SDt5H16hgAbXVfYwmHxgAPawnIRLYVqZ6 | |||
| EatA | ViIf7Hfaqg== | |||
| =MxXQ | =QAR/ | |||
| -----END PGP MESSAGE----- | -----END PGP MESSAGE----- | |||
| --73c8655345-- | --8f1c37571f-- | |||
| Unwrapping the Cryptographic Layer yields the following content: | Unwrapping the Cryptographic Layer yields the following content: | |||
| Content-Type: multipart/mixed; boundary="6ae0cc9247" | Content-Type: multipart/mixed; boundary="6ae0cc9247" | |||
| From: Alice Lovelace <alice@openpgp.example> | From: Alice Lovelace <alice@openpgp.example> | |||
| To: Bob Babbage <bob@openpgp.example> | To: Bob Babbage <bob@openpgp.example> | |||
| Date: Mon, 21 Oct 2019 07:18:11 -0700 | Date: Mon, 21 Oct 2019 07:18:11 -0700 | |||
| Subject: BarCorp contract signed, let's go! | Subject: BarCorp contract signed, let's go! | |||
| Message-ID: <signed+encrypted+legacy-display@protected-headers.example> | Message-ID: <sign+enc+legacy-display@protected-headers.example> | |||
| --6ae0cc9247 | --6ae0cc9247 | |||
| Content-Type: text/rfc822-headers; charset="us-ascii"; protected-headers="v1" | content-type: text/rfc822-headers; protected-headers="v1" | |||
| Content-Disposition: inline | Content-Disposition: inline | |||
| Subject: BarCorp contract signed, let's go! | Subject: BarCorp contract signed, let's go! | |||
| --6ae0cc9247 | --6ae0cc9247 | |||
| Content-Type: text/plain; charset="us-ascii" | Content-Type: text/plain; charset="us-ascii" | |||
| Hi Bob! | Hi Bob! | |||
| I just signed the contract with BarCorp and they've set us up with an account | I just signed the contract with BarCorp and they've set us up with | |||
| on their system for testing. | an account on their system for testing. | |||
| The account information is: | The account information is: | |||
| Site: https://barcorp.example/ | Site: https://barcorp.example/ | |||
| Username: examplecorptest | Username: examplecorptest | |||
| Password: correct-horse-battery-staple | Password: correct-horse-battery-staple | |||
| Please get the account set up and apply the test harness. | Please get the account set up and apply the test harness. | |||
| Let me know when you've got some results. | Let me know when you've got some results. | |||
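Review bot: The Legacy Display part header after the first 6ae0cc9247 boundary changes from Content-Type: text/rfc822-headers; charset="us-ascii"; protected-headers="v1" to a lowercase content-type: with the charset parameter dropped, while the Content-Disposition line below it and the text/plain part keep mixed case and charset="us-ascii". If dropping charset is deliberate, say so where the Legacy Display part is defined; otherwise restore it and keep the header-name case uniform so implementers do not treat the difference as significant. The ciphertext is regenerated while the quoted AES-256 session key is unchanged, so confirm the published key still decrypts the new message. The shortened Message-ID uses sign+enc where 9.2 keeps signed+encrypted; one abbreviation scheme across all test vectors would be easier to follow.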
| skipping to change at page 31, line 38 ¶ | skipping to change at page 31, line 38 ¶ | |||
| --15d01ebd43 | --15d01ebd43 | |||
| content-type: application/pgp-encrypted | content-type: application/pgp-encrypted | |||
| Version: 1 | Version: 1 | |||
| --15d01ebd43 | --15d01ebd43 | |||
| content-type: application/octet-stream | content-type: application/octet-stream | |||
| -----BEGIN PGP MESSAGE----- | -----BEGIN PGP MESSAGE----- | |||
| wV4DR2b2udXyHrYSAQdArQ8apKY0ciE47ZyBKgbOditGO6OBizW/VeQItRdCxA0w | wV4DR2b2udXyHrYSAQdAOgQDEkyc6EDXP9maqDSnaxSKQ5Cli2idlkJr/fiRJUkw | |||
| KaoRJewLgRnuvwaEisHWjiA0IHB9+0BSja+GFIh6gBWCFqzAfJQxoywAZMHznn6k | FBc7t5vaz9x2HIE1M87W8fljvfK9HQIcLRxLo4kba3ZI7wLbDUSQP5SXzV2agnf5 | |||
| -----END PGP MESSAGE----- | -----END PGP MESSAGE----- | |||
| --15d01ebd43-- | --15d01ebd43-- | |||
| Unwrapping the encryption Cryptographic Layer yields the following | Unwrapping the encryption Cryptographic Layer yields the following | |||
| content: | content: | |||
| Content-Type: multipart/signed; boundary="a6b911f1d1"; | Content-Type: multipart/signed; boundary="a6b911f1d1"; | |||
| protocol="application/pgp-signature"; micalg="pgp-sha512" | protocol="application/pgp-signature"; micalg="pgp-sha512" | |||
| --a6b911f1d1 | --a6b911f1d1 | |||
| Content-Type: text/plain; charset="us-ascii" | Content-Type: text/plain; charset="us-ascii" | |||
| From: Alice Lovelace <alice@openpgp.example> | From: Alice Lovelace <alice@openpgp.example> | |||
| To: Bob Babbage <bob@openpgp.example> | To: Bob Babbage <bob@openpgp.example> | |||
| Date: Mon, 21 Oct 2019 07:18:11 -0700 | Date: Mon, 21 Oct 2019 07:18:11 -0700 | |||
| Subject: BarCorp contract signed, let's go! | Subject: BarCorp contract signed, let's go! | |||
| Message-ID: <multilayer@protected-headers.example> | Message-ID: <multilayer@protected-headers.example> | |||
| Hi Bob! | Hi Bob! | |||
| I just signed the contract with BarCorp and they've set us up with an account | I just signed the contract with BarCorp and they've set us up with | |||
| on their system for testing. | an account on their system for testing. | |||
| The account information is: | The account information is: | |||
| Site: https://barcorp.example/ | Site: https://barcorp.example/ | |||
| Username: examplecorptest | Username: examplecorptest | |||
| Password: correct-horse-battery-staple | Password: correct-horse-battery-staple | |||
| Please get the account set up and apply the test harness. | Please get the account set up and apply the test harness. | |||
| Let me know when you've got some results. | Let me know when you've got some results. | |||
| skipping to change at page 33, line 43 ¶ | skipping to change at page 33, line 43 ¶ | |||
| Alice Lovelace | Alice Lovelace | |||
| President | President | |||
| OpenPGP Example Corp | OpenPGP Example Corp | |||
| --a6b911f1d1 | --a6b911f1d1 | |||
| content-type: application/pgp-signature | content-type: application/pgp-signature | |||
| -----BEGIN PGP SIGNATURE----- | -----BEGIN PGP SIGNATURE----- | |||
| wnUEARYKAB0FAl2tviMWIQTrhbtfozp14V6UTmPyMVUMT0fjjgAKCRDyMVUMT0fj | wnUEARYKAB0FAl2tviMWIQTrhbtfozp14V6UTmPyMVUMT0fjjgAKCRDyMVUMT0fj | |||
| jk5oAQCUL+lTDVp2pMOgcDuwnYtYCU9XMRxLgG4bZERZaYf1jQEAj85xO9Cjd7dZ | jv/lAP95zG/boihWaRRYusB5KInnMqz8DM9CrxCO/Z67FoZvQAD/WJKfIW/UaBaG | |||
| jBU3m8KYcHe5P5QtOYMw8snpliWXXgA= | TvwLcfdYDnHVFi/sLCPzP7/+Rp/prQU= | |||
| =Vh3K | =X47R | |||
| -----END PGP SIGNATURE----- | -----END PGP SIGNATURE----- | |||
| --a6b911f1d1-- | --a6b911f1d1-- | |||
| Note the placement of the Protected Headers on the Cryptographic | Note the placement of the Protected Headers on the Cryptographic | |||
| Payload specifically, which is not the immediate child of the | Payload specifically, which is not the immediate child of the | |||
| encryption Cryptographic Layer. | encryption Cryptographic Layer. | |||
| 9.5. Multilayer Message with Protected Headers and Legacy Display Part | 9.5. Multilayer Message with Protected Headers and Legacy Display Part | |||
| skipping to change at page 34, line 49 ¶ | skipping to change at page 34, line 49 ¶ | |||
| --750bb87f7c | --750bb87f7c | |||
| content-type: application/pgp-encrypted | content-type: application/pgp-encrypted | |||
| Version: 1 | Version: 1 | |||
| --750bb87f7c | --750bb87f7c | |||
| content-type: application/octet-stream | content-type: application/octet-stream | |||
| -----BEGIN PGP MESSAGE----- | -----BEGIN PGP MESSAGE----- | |||
| -----END PGP MESSAGE----- | -----END PGP MESSAGE----- | |||
| --750bb87f7c-- | --750bb87f7c-- | |||
| Unwrapping the encryption Cryptographic Layer yields the following | Unwrapping the encryption Cryptographic Layer yields the following | |||
| content: | content: | |||
| Content-Type: multipart/signed; boundary="4e3b9ccaba"; | Content-Type: multipart/signed; boundary="4e3b9ccaba"; | |||
| protocol="application/pgp-signature"; micalg="pgp-sha512" | protocol="application/pgp-signature"; micalg="pgp-sha512" | |||
| --4e3b9ccaba | --4e3b9ccaba | |||
| Content-Type: multipart/mixed; boundary="6ae0cc9247" | Content-Type: multipart/mixed; boundary="6ae0cc9247" | |||
| From: Alice Lovelace <alice@openpgp.example> | From: Alice Lovelace <alice@openpgp.example> | |||
| To: Bob Babbage <bob@openpgp.example> | To: Bob Babbage <bob@openpgp.example> | |||
| Date: Mon, 21 Oct 2019 07:18:11 -0700 | Date: Mon, 21 Oct 2019 07:18:11 -0700 | |||
| Subject: BarCorp contract signed, let's go! | Subject: BarCorp contract signed, let's go! | |||
| Message-ID: <multilayer+legacy-display@protected-headers.example> | Message-ID: <multilayer+legacy-display@protected-headers.example> | |||
| --6ae0cc9247 | --6ae0cc9247 | |||
| Content-Type: text/rfc822-headers; charset="us-ascii"; protected-headers="v1" | content-type: text/rfc822-headers; protected-headers="v1" | |||
| Content-Disposition: inline | Content-Disposition: inline | |||
| Subject: BarCorp contract signed, let's go! | Subject: BarCorp contract signed, let's go! | |||
| --6ae0cc9247 | --6ae0cc9247 | |||
| Content-Type: text/plain; charset="us-ascii" | Content-Type: text/plain; charset="us-ascii" | |||
| Hi Bob! | Hi Bob! | |||
| I just signed the contract with BarCorp and they've set us up with an account | I just signed the contract with BarCorp and they've set us up with | |||
| on their system for testing. | an account on their system for testing. | |||
| The account information is: | The account information is: | |||
| Site: https://barcorp.example/ | Site: https://barcorp.example/ | |||
| Username: examplecorptest | Username: examplecorptest | |||
| Password: correct-horse-battery-staple | Password: correct-horse-battery-staple | |||
| Please get the account set up and apply the test harness. | Please get the account set up and apply the test harness. | |||
| Let me know when you've got some results. | Let me know when you've got some results. | |||
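Review bot: In the legacy display part of the -01 column, the header became `content-type: text/rfc822-headers; protected-headers="v1"`, which drops the `charset="us-ascii"` parameter and lowercases the field name, while the sibling text/plain part right after it still uses `Content-Type:` with an explicit charset. This part sits inside the multipart/signed payload, so the edit changes the content of the test vector rather than only re-wrapping it. Consider folding the header onto a continuation line, as the multipart/signed header at the top of this payload already does, which keeps the parameter and still fits in 72 characters; if the removal is intentional, say so in the -01 document history, which currently describes the test-vector change as a line-length adjustment only.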
| skipping to change at page 36, line 36 ¶ | skipping to change at page 36, line 36 ¶ | |||
| OpenPGP Example Corp | OpenPGP Example Corp | |||
| --6ae0cc9247-- | --6ae0cc9247-- | |||
| --4e3b9ccaba | --4e3b9ccaba | |||
| content-type: application/pgp-signature | content-type: application/pgp-signature | |||
| -----BEGIN PGP SIGNATURE----- | -----BEGIN PGP SIGNATURE----- | |||
| wnUEARYKAB0FAl2tviMWIQTrhbtfozp14V6UTmPyMVUMT0fjjgAKCRDyMVUMT0fj | wnUEARYKAB0FAl2tviMWIQTrhbtfozp14V6UTmPyMVUMT0fjjgAKCRDyMVUMT0fj | |||
| jgzVAQCXwrEyApDaRBeUX1kQOCbb3RVpXcSO+BdROF1T5K3FxAEAs4hYWZXJD1lp | jj/AAQDqeRa+AaS9dHoYHE4sSGhnXfuTlB9WPbtI/3uLmpX4wgD/boo2TFUJ4VYs | |||
| UBe7D64qKa+fyQE1akkIWgoqoaTSlgk= | KPDOt/ekjp079bvvfcSjpLNEI1sfSwA= | |||
| =zdtG | =Otfk | |||
| -----END PGP SIGNATURE----- | -----END PGP SIGNATURE----- | |||
| --4e3b9ccaba-- | --4e3b9ccaba-- | |||
| 9.6. An Unfortunately Complex Example | 9.6. An Unfortunately Complex Example | |||
| For all of the potential complexity of the Cryptographic Envelope, | For all of the potential complexity of the Cryptographic Envelope, | |||
| the Cryptographic Payload itself can be complex. The Cryptographic | the Cryptographic Payload itself can be complex. The Cryptographic | |||
| Envelope in this example is the same as the previous example | Envelope in this example is the same as the previous example | |||
| (Section 9.5). The Cryptographic Payload has protected headers and a | (Section 9.5). The Cryptographic Payload has protected headers and a | |||
| skipping to change at page 38, line 6 ¶ | skipping to change at page 38, line 6 ¶ | |||
| --241c1d8182 | --241c1d8182 | |||
| content-type: application/pgp-encrypted | content-type: application/pgp-encrypted | |||
| Version: 1 | Version: 1 | |||
| --241c1d8182 | --241c1d8182 | |||
| content-type: application/octet-stream | content-type: application/octet-stream | |||
| -----BEGIN PGP MESSAGE----- | -----BEGIN PGP MESSAGE----- | |||
| -----END PGP MESSAGE----- | -----END PGP MESSAGE----- | |||
| --241c1d8182-- | --241c1d8182-- | |||
| Unwrapping the encryption Cryptographic Layer yields the following | Unwrapping the encryption Cryptographic Layer yields the following | |||
| content: | content: | |||
| Content-Type: multipart/signed; boundary="c72d4fa142"; | Content-Type: multipart/signed; boundary="c72d4fa142"; | |||
| protocol="application/pgp-signature"; micalg="pgp-sha512" | protocol="application/pgp-signature"; micalg="pgp-sha512" | |||
| --c72d4fa142 | --c72d4fa142 | |||
| Content-Type: multipart/mixed; boundary="6ae0cc9247" | Content-Type: multipart/mixed; boundary="6ae0cc9247" | |||
| From: Alice Lovelace <alice@openpgp.example> | From: Alice Lovelace <alice@openpgp.example> | |||
| To: Bob Babbage <bob@openpgp.example> | To: Bob Babbage <bob@openpgp.example> | |||
| Date: Mon, 21 Oct 2019 07:18:11 -0700 | Date: Mon, 21 Oct 2019 07:18:11 -0700 | |||
| Subject: BarCorp contract signed, let's go! | Subject: BarCorp contract signed, let's go! | |||
| Message-ID: <unfortunately-complex@protected-headers.example> | Message-ID: <unfortunately-complex@protected-headers.example> | |||
| --6ae0cc9247 | --6ae0cc9247 | |||
| Content-Type: text/rfc822-headers; charset="us-ascii"; protected-headers="v1" | content-type: text/rfc822-headers; protected-headers="v1" | |||
| Content-Disposition: inline | Content-Disposition: inline | |||
| Subject: BarCorp contract signed, let's go! | Subject: BarCorp contract signed, let's go! | |||
| --6ae0cc9247 | --6ae0cc9247 | |||
| Content-Type: multipart/mixed; boundary="8dfc0e9ecf" | Content-Type: multipart/mixed; boundary="8dfc0e9ecf" | |||
| --8dfc0e9ecf | --8dfc0e9ecf | |||
| Content-Type: multipart/alternative; boundary="32c4d5a901" | Content-Type: multipart/alternative; boundary="32c4d5a901" | |||
| --32c4d5a901 | --32c4d5a901 | |||
| Content-Type: text/plain; charset="us-ascii" | Content-Type: text/plain; charset="us-ascii" | |||
| Hi Bob! | Hi Bob! | |||
| I just signed the contract with BarCorp and they've set us up with an account | I just signed the contract with BarCorp and they've set us up with | |||
| on their system for testing. | an account on their system for testing. | |||
| The account information is: | The account information is: | |||
| Site: https://barcorp.example/ | Site: https://barcorp.example/ | |||
| Username: examplecorptest | Username: examplecorptest | |||
| Password: correct-horse-battery-staple | Password: correct-horse-battery-staple | |||
| Please get the account set up and apply the test harness. | Please get the account set up and apply the test harness. | |||
| Let me know when you've got some results. | Let me know when you've got some results. | |||
| skipping to change at page 40, line 8 ¶ | skipping to change at page 40, line 8 ¶ | |||
| -- | -- | |||
| Alice Lovelace | Alice Lovelace | |||
| President | President | |||
| OpenPGP Example Corp | OpenPGP Example Corp | |||
| --32c4d5a901 | --32c4d5a901 | |||
| Content-Type: text/html; charset="us-ascii" | Content-Type: text/html; charset="us-ascii" | |||
| <html><head></head><body><p>Hi Bob! | <html><head></head><body><p>Hi Bob! | |||
| </p><p> | </p><p> | |||
| I just signed the contract with BarCorp and they've set us up with an account on their system for testing. | I just signed the contract with BarCorp and they've set us up with | |||
| an account on their system for testing. | ||||
| </p><p> | </p><p> | |||
| The account information is: | The account information is: | |||
| </p><dl> | </p><dl> | |||
| <dt>Site</dt><dd><a href="https://barcorp.example/">https://barcorp.example/</a></dd> | <dt>Site</dt><dd> | |||
| <a href="https://barcorp.example/">https://barcorp.example/</a> | ||||
| </dd> | ||||
| <dt>Username</dt><dd><tt>examplecorptest</tt></dd> | <dt>Username</dt><dd><tt>examplecorptest</tt></dd> | |||
| <dt>Password</dt><dd>correct-horse-battery-staple</dd> | <dt>Password</dt><dd>correct-horse-battery-staple</dd> | |||
| </dl><p> | </dl><p> | |||
| Please get the account set up and apply the test harness. | Please get the account set up and apply the test harness. | |||
| </p><p> | </p><p> | |||
| Let me know when you've got some results. | Let me know when you've got some results. | |||
| </p><p> | </p><p> | |||
| Thanks, Alice<br/> | Thanks, Alice<br/> | |||
| -- <br/> | -- <br/> | |||
| Alice Lovelace<br/> | Alice Lovelace<br/> | |||
| skipping to change at page 40, line 49 ¶ | skipping to change at page 41, line 4 ¶ | |||
| password = MJVMZlHR75mILg | password = MJVMZlHR75mILg | |||
| + | + | |||
| +[barcorp] | +[barcorp] | |||
| +endpoint = https://barcorp.example/ | +endpoint = https://barcorp.example/ | |||
| +username = examplecorptest | +username = examplecorptest | |||
| +password = correct-horse-battery-staple | +password = correct-horse-battery-staple | |||
| --8dfc0e9ecf-- | --8dfc0e9ecf-- | |||
| --6ae0cc9247-- | --6ae0cc9247-- | |||
| --c72d4fa142 | --c72d4fa142 | |||
| content-type: application/pgp-signature | content-type: application/pgp-signature | |||
| -----BEGIN PGP SIGNATURE----- | -----BEGIN PGP SIGNATURE----- | |||
| wnUEARYKAB0FAl2tviMWIQTrhbtfozp14V6UTmPyMVUMT0fjjgAKCRDyMVUMT0fj | wnUEARYKAB0FAl2tviMWIQTrhbtfozp14V6UTmPyMVUMT0fjjgAKCRDyMVUMT0fj | |||
| juFdAQDjMySpe88yowVduslDi/IGFTGNn1d0ZxpA3IGW5Ss8ZQD9H2zbBtiKXtc7 | jrR3AP9H2o1HBGLwkz5qzBgGmXsXLrc2xbluWtYmiDQcnq3e9QEA+DaBG1gEXasg | |||
| axmvtiKF4z1DdY/IgOKFfmyGX2WZrws= | 7OfAEqT4DrOivtNo18CxpIPrskgOXws= | |||
| =Sv5w | =Ul2/ | |||
| -----END PGP SIGNATURE----- | -----END PGP SIGNATURE----- | |||
| --c72d4fa142-- | --c72d4fa142-- | |||
| 10. IANA Considerations | 10. IANA Considerations | |||
| FIXME: register content-type parameter for legacy-display part | FIXME: register content-type parameter for legacy-display part | |||
| MAYBE: provide a list of user-facing headers, or a new "user-facing" | MAYBE: provide a list of user-facing headers, or a new "user-facing" | |||
| column in some table of known RFC5322 headers? | column in some table of known RFC5322 headers? | |||
| skipping to change at page 42, line 43 ¶ | skipping to change at page 43, line 13 ¶ | |||
| message. | message. | |||
| 12. Privacy Considerations | 12. Privacy Considerations | |||
| This document only explicitly contemplates confidentiality protection | This document only explicitly contemplates confidentiality protection | |||
| for the Subject header, but not for other headers which may leak | for the Subject header, but not for other headers which may leak | |||
| associational metadata. For example, "From" and "To" and "Cc" and | associational metadata. For example, "From" and "To" and "Cc" and | |||
| "Reply-To" and "Date" and "Message-Id" and "References" and "In- | "Reply-To" and "Date" and "Message-Id" and "References" and "In- | |||
| Reply-To" are not explicitly necessary for messages in transit, since | Reply-To" are not explicitly necessary for messages in transit, since | |||
| the SMTP envelope carries all necessary routing information, but an | the SMTP envelope carries all necessary routing information, but an | |||
| encrypted [RFC2822] message as described in this document will | encrypted [RFC5322] message as described in this document will | |||
| contain all this associational metadata in the clear. | contain all this associational metadata in the clear. | |||
| Although this document does not provide guidance for protecting the | Although this document does not provide guidance for protecting the | |||
| privacy of this metadata directly, it offers a platform upon which | privacy of this metadata directly, it offers a platform upon which | |||
| thoughtful implementations may experiment with obscuring additional | thoughtful implementations may experiment with obscuring additional | |||
| e-mail headers. | e-mail headers. | |||
| 13. Document Considerations | 13. Document Considerations | |||
| [ RFC Editor: please remove this section before publication ] | [ RFC Editor: please remove this section before publication ] | |||
| This document is currently edited as markdown. Minor editorial | This document is currently edited as markdown. Minor editorial | |||
| changes can be suggested via merge requests at | changes can be suggested via merge requests at | |||
| https://github.com/autocrypt/protected-headers or by e-mail to the | https://github.com/autocrypt/protected-headers or by e-mail to the | |||
| authors. Please direct all significant commentary to the public IETF | authors. Please direct all significant commentary to the public IETF | |||
| LAMPS mailing list: spasm@ietf.org | LAMPS mailing list: spasm@ietf.org | |||
| 13.1. Document History | 13.1. Document History | |||
| Changes between version -00 and -01: | ||||
| * Credit Randall for "correct horse battery staple". | ||||
| * Adjust test vectors to ensure no line in the generated .txt format | ||||
| exceeds 72 chars. | ||||
| * Minor formatting cleanup to appease idnits. | ||||
| * Update references to more recent documents (RFC 2822 -> 5322, -00 | ||||
| to -01 of draft-ietf-lamps-header-protection-requirements). | ||||
| 14. Acknowledgements | 14. Acknowledgements | |||
| The set of constructs and algorithms in this document has a previous | The set of constructs and algorithms in this document has a previous | |||
| working title of "Memory Hole", but that title is no longer used as | working title of "Memory Hole", but that title is no longer used as | |||
| different implementations gained experience in working with it. | different implementations gained experience in working with it. | |||
| These ideas were tested and fine-tuned in part by the loose | These ideas were tested and fine-tuned in part by the loose | |||
| collaboration of MUA developers known as [Autocrypt]. | collaboration of MUA developers known as [Autocrypt]. | |||
| Additional feedback and useful guidance was contributed by attendees | Additional feedback and useful guidance was contributed by attendees | |||
| skipping to change at page 43, line 38 ¶ | skipping to change at page 44, line 17 ¶ | |||
| The following people have contributed implementation experience, | The following people have contributed implementation experience, | |||
| documentation, critique, and other feedback: | documentation, critique, and other feedback: | |||
| * Holger Krekel | * Holger Krekel | |||
| * Patrick Brunschwig | * Patrick Brunschwig | |||
| * Vincent Breitmoser | * Vincent Breitmoser | |||
| The password example used in Section 9 comes from [xkcd936]. | ||||
| 15. References | 15. References | |||
| 15.1. Normative References | 15.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC2822] Resnick, P., Ed., "Internet Message Format", RFC 2822, | ||||
| DOI 10.17487/RFC2822, April 2001, | ||||
| <https://www.rfc-editor.org/info/rfc2822>. | ||||
| [RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, | [RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, | |||
| "MIME Security with OpenPGP", RFC 3156, | "MIME Security with OpenPGP", RFC 3156, | |||
| DOI 10.17487/RFC3156, August 2001, | DOI 10.17487/RFC3156, August 2001, | |||
| <https://www.rfc-editor.org/info/rfc3156>. | <https://www.rfc-editor.org/info/rfc3156>. | |||
| [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. | [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. | |||
| Thayer, "OpenPGP Message Format", RFC 4880, | Thayer, "OpenPGP Message Format", RFC 4880, | |||
| DOI 10.17487/RFC4880, November 2007, | DOI 10.17487/RFC4880, November 2007, | |||
| <https://www.rfc-editor.org/info/rfc4880>. | <https://www.rfc-editor.org/info/rfc4880>. | |||
| [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, | ||||
| DOI 10.17487/RFC5322, October 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5322>. | ||||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 15.2. Informative References | 15.2. Informative References | |||
| [Autocrypt] | [Autocrypt] | |||
| "Autocrypt Specification 1.1", 13 October 2019, | "Autocrypt Specification 1.1", 13 October 2019, | |||
| <https://autocrypt.org/level1.html>. | <https://autocrypt.org/level1.html>. | |||
| [I-D.draft-bre-openpgp-samples-00] | [I-D.draft-bre-openpgp-samples-00] | |||
| Einarsson, B., juga, j., and D. Gillmor, "OpenPGP Example | Einarsson, B., juga, j., and D. Gillmor, "OpenPGP Example | |||
| Keys and Certificates", Work in Progress, Internet-Draft, | Keys and Certificates", Work in Progress, Internet-Draft, | |||
| draft-bre-openpgp-samples-00, 15 October 2019, | draft-bre-openpgp-samples-00, 15 October 2019, | |||
| <http://www.ietf.org/internet-drafts/draft-bre-openpgp- | <http://www.ietf.org/internet-drafts/draft-bre-openpgp- | |||
| samples-00.txt>. | samples-00.txt>. | |||
| [I-D.draft-ietf-lamps-header-protection-requirements-00] | [I-D.draft-ietf-lamps-header-protection-requirements-01] | |||
| Melnikov, A. and B. Hoeneisen, "Problem Statement and | Melnikov, A. and B. Hoeneisen, "Problem Statement and | |||
| Requirements for Header Protection", Work in Progress, | Requirements for Header Protection", Work in Progress, | |||
| Internet-Draft, draft-ietf-lamps-header-protection- | Internet-Draft, draft-ietf-lamps-header-protection- | |||
| requirements-00, 8 July 2019, <http://www.ietf.org/ | requirements-01, 29 October 2019, <http://www.ietf.org/ | |||
| internet-drafts/draft-ietf-lamps-header-protection- | internet-drafts/draft-ietf-lamps-header-protection- | |||
| requirements-00.txt>. | requirements-01.txt>. | |||
| [I-D.draft-luck-lamps-pep-header-protection-03] | [I-D.draft-luck-lamps-pep-header-protection-03] | |||
| Luck, C., "pretty Easy privacy (pEp): Progressive Header | Luck, C., "pretty Easy privacy (pEp): Progressive Header | |||
| Disclosure", Work in Progress, Internet-Draft, draft-luck- | Disclosure", Work in Progress, Internet-Draft, draft-luck- | |||
| lamps-pep-header-protection-03, 5 July 2019, | lamps-pep-header-protection-03, 5 July 2019, | |||
| <http://www.ietf.org/internet-drafts/draft-luck-lamps-pep- | <http://www.ietf.org/internet-drafts/draft-luck-lamps-pep- | |||
| header-protection-03.txt>. | header-protection-03.txt>. | |||
| [OpenPGP-Email-Summit-2019] | [OpenPGP-Email-Summit-2019] | |||
| "OpenPGP Email Summit 2019", 13 October 2019, | "OpenPGP Email Summit 2019", 13 October 2019, | |||
| skipping to change at page 45, line 24 ¶ | skipping to change at page 46, line 5 ¶ | |||
| [RFC7508] Cailleux, L. and C. Bonatti, "Securing Header Fields with | [RFC7508] Cailleux, L. and C. Bonatti, "Securing Header Fields with | |||
| S/MIME", RFC 7508, DOI 10.17487/RFC7508, April 2015, | S/MIME", RFC 7508, DOI 10.17487/RFC7508, April 2015, | |||
| <https://www.rfc-editor.org/info/rfc7508>. | <https://www.rfc-editor.org/info/rfc7508>. | |||
| [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ | [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ | |||
| Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 | Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 | |||
| Message Specification", RFC 8551, DOI 10.17487/RFC8551, | Message Specification", RFC 8551, DOI 10.17487/RFC8551, | |||
| April 2019, <https://www.rfc-editor.org/info/rfc8551>. | April 2019, <https://www.rfc-editor.org/info/rfc8551>. | |||
| [xkcd936] Munroe, R., "xkcd: Password Strength", 10 August 2011, | ||||
| <https://www.xkcd.com/936/>. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Bjarni Rúnar Einarsson | Bjarni Rúnar Einarsson | |||
| Mailpile ehf | Mailpile ehf | |||
| Baronsstigur | Baronsstigur | |||
| Iceland | Iceland | |||
| Email: bre@mailpile.is | Email: bre@mailpile.is | |||
| juga | juga | |||
| End of changes. 52 change blocks. | ||||
| 209 lines changed or deleted | 231 lines changed or added | |||
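Review bot: in the Informative References change that moves the header-protection requirements draft from -00 to -01, the citation tag itself carries the revision ([I-D.draft-ietf-lamps-header-protection-requirements-01]), so each new revision of that draft forces the tag, and any citation of it in the body, to change as well. A version-independent tag would confine later updates to the date and URL lines. The same entry, like the other Internet-Draft entries shown, links over plain http:// to www.ietf.org/internet-drafts/ while the RFC entries use https://www.rfc-editor.org; an https link would be consistent with those.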