[Autocrypt] Q: Blacklist media types for outbound header injection and encryption
Albrecht Dreß
albrecht.dress at arcor.de
Fri Nov 30 13:39:51 EST 2018
Hi all,
while working on the Autocrypt implementation for Balsa, I stumbled over the following questions.
Section “Updating Autocrypt Peer State” states that multipart/report messages (inter alia RFC 3798 MDN's) should be ignored. This in turn means that MUA's should never add Autocrypt headers to MDN's and other multipart/report messages (e.g. RFC 5965, RFC 6591) which are intended to be processed automatically, right? It might be worth to mention this in section “Header injection in outbound mail”.
However, IMHO there may be other top-level content types which indicate that the message is to be processed automatically, e.g. text/calendar (RFC 5545). How should such messages be treated? My feeling is that Autocrypt headers should not be added (outgoing) or ignored (incoming), respectively, like multipart/report.
Regarding signing and encryption: IMHO such messages should not be signed or encrypted as this would typically break automatic processing. Or did I miss something here? Wouldn't it make sense to add a statement about it to the “Provide a recommendation for message encryption” section?
Cheers,
Albrecht.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/autocrypt/attachments/20181130/c1ddfd05/attachment.sig>
More information about the Autocrypt
mailing list