simple-login / app

The SimpleLogin back-end and web app
https://simplelogin.io
GNU Affero General Public License v3.0

More standardized method of encrypting the subject. #868

Open kevinlekiller opened 2 years ago

kevinlekiller commented 2 years ago

After doing a search on what email clients support reading an encrypted subject, it seems like the most standard way is to use pretty easy privacy, in which the sender encrypts the whole original email, headers included, then the receiver decrypts and displays that original email.

The issue is pretty easy privacy is not widely supported. It's available as a plugin for Thunderbird and Outlook, on Android it's supported by FairEmail, on iOS there seems to be an application written by pretty easy privacy.

Both SimpleLogin and AnonAddy put the subject in the body, but they do it in different ways, which makes it harder to standardize. I don't see email clients trying to support 3 (or more, not trying to single out SimpleLogin or AnonAddy, just using them as examples) different ways of displaying the original subject.

Perhaps you can add an option to use pretty easy privacy, or maybe there's something else I didn't find when searching that's more standardized for encrypted subjects at least.

nguyenkims commented 2 years ago

@kevinlekiller you can enable the "generic subject" option. SimpleLogin will replace the original subject with a generic one and put the original subject in the email content, which'll be protected by PGP.

kevinlekiller commented 2 years ago

Thanks for the reply. I'm aware of this option, and use it, it's great, but what I meant in the original post is this method of encrypting subjects is non-standard, so email clients (the ones I use anyway, maybe there are some out there that do?) are not replacing the generic subject with the one in the body.

nguyenkims commented 2 years ago

Email subject is actually an email header and PGP doesn't encrypt the email headers. In order to support email subject encryption, we need to use another email encryption method which isn't as widely supported as PGP.

jakob11git commented 2 years ago

Isn't this just an extension of PGP/MIME that allows encrypting email headers? https://tools.ietf.org/id/draft-autocrypt-lamps-protected-headers-01.html Of course, the compatibility point would still stand, but for people who use conforming MUAs it could be a good option without switching over from PGP to something else completely. Or am I missing something?
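The receiving side of the protected-headers approach linked above, as an added example that is not part of the thread or of SimpleLogin's code: after decryption, a client takes the Subject from the inner payload only when that part is marked `protected-headers="v1"`, and otherwise keeps the outer one. The sample messages and the `effective_subject` helper are constructed for illustration, and it assumes the PGP layer has already decrypted and verified the payload.

```python
from email import message_from_string, policy

# Constructed sample: outer headers as they travel in the clear.
OUTER = """\
From: alice@example.org
To: alias@example.net
Subject: ...
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"

(ciphertext elided)
"""

# Constructed sample: decrypted payload carrying a protected Subject.
PROTECTED_PAYLOAD = """\
Content-Type: text/plain; charset="utf-8"; protected-headers="v1"
Subject: Quarterly invoice attached

Hello, the invoice is attached.
"""

# Constructed sample: decrypted payload from a sender without protected headers.
LEGACY_PAYLOAD = """\
Content-Type: text/plain; charset="utf-8"

Hello, the invoice is attached.
"""

# Constructed sample: inner Subject present but the part is not marked as protected.
UNMARKED_PAYLOAD = """\
Content-Type: text/plain; charset="utf-8"
Subject: Looks like a header, but not declared protected

Hello.
"""


def effective_subject(outer_raw, payload_raw):
    """Return (subject_to_display, came_from_encrypted_part)."""
    outer = message_from_string(outer_raw, policy=policy.default)
    payload = message_from_string(payload_raw, policy=policy.default)
    # Only trust inner headers when the payload root declares them protected.
    marked = payload.get_param("protected-headers") == "v1"
    if marked and payload["Subject"] is not None:
        return str(payload["Subject"]), True
    # Fall back to the outer header, which any relay could read.
    return str(outer["Subject"] or ""), False
```

A client that lacks this step shows only the outer subject, which is the compatibility gap discussed in this thread.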

nguyenkims commented 2 years ago

@jeifour the doc is a draft and I'm not sure if it's currently implemented in popular PGP clients.

jakob11git commented 2 years ago

@nguyenkims Lately I have switched to Thunderbird as my main email client, as their macOS version got a nice UI upgrade. After conversing with my friends I have found that Thunderbird will by default encrypt the Subject line, and that this has apparently been implemented since version 78 released in December 2020. Indeed it does seem like this is not without controversy, peruse this page on GnuPG's wiki: https://wiki.gnupg.org/EMailClients/Thunderbird

That being said, I guess we can take away from this:

What you make out of this, that's of course up to you. Personally if I had the choice between the current SimpleLogin implementation and the "standard-but-not-quite-yet" way of doing it that is employed by some email clients like Thunderbird, then I would opt for the latter, because I'm a user of such an email client.

nguyenkims commented 2 years ago

@jeifour thanks for the info on Thunderbird. Can we create a feature request to support subject encryption in PGP on https://github.com/simple-login/app/discussions so other people can upvote?

jakob11git commented 2 years ago

I guess https://github.com/simple-login/app/discussions/529 is already about this. Upvoted it.