email - parse incoming email for openpgp header
There is a draft protocol for an "openpgp" email header:
http://tools.ietf.org/html/draft-josefsson-openpgp-mailnews-header-06
An example might be:
OpenPGP: id=12345678; url=http://example.com/key.txt; preference=signencrypt
This issue is for parsing the incoming header. There is a separate issue for including the header in outgoing mail.
Thus far, the LEAP rule has been: use OpenPGP WHENEVER POSSIBLE. Technically, fully respecting the OpenPGP header would mean that we modify this behavior, since the preference=x might tell us that the user doesn't want to use encrypted email.
However, this poses a problem: since the header is not signed, honoring preference=x opens the possibility of a downgrade attack. We don't want that!
So, let's use this header only to discover the key if we have no other method of discovery, and disregard the preference field.
This issue is low priority, since I don't think anyone is actually including this header in their sent mail. If we start supporting it, maybe others will too.
There are other headers we might parse:
- X-Enigmail-Version: not much help, just lists the version, but not key info.
- X-Request-PGP: also specifies a URL to grab the key. Also not used by anyone, afaik.
(from redmine: created on 2013-09-19, closed on 2014-10-13, relates #5400 (closed))
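
The rule proposed above (use the header only for key discovery when no other method yields a key, and never act on preference), as an added Python example that is not LEAP's own code. The function names, the 8/16/40 hex-digit check on id and the http/https restriction on url are assumptions of this example, and the sample message is constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message (folded header, as a mail client might send it).
SAMPLE = (
    "From: alice@example.com\n"
    "OpenPGP: id=12345678;\n"
    " url=http://example.com/key.txt; preference=signencrypt\n"
    "Subject: hi\n\nbody\n"
)

# Assumption of this example: accept short id, long id or full fingerprint.
HEX_ID = re.compile(r"^(?:[0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$")

def parse_openpgp_header(raw_message):
    """Return the header's parameters as a dict (lowercased names), or None."""
    values = message_from_string(raw_message).get_all("OpenPGP") or []
    if len(values) != 1:  # absent, or duplicated and therefore ambiguous
        return None
    params = {}
    # Unfold continuation lines, then split "name=value" pairs on ";".
    for part in " ".join(values[0].split()).split(";"):
        name, sep, value = part.partition("=")
        if sep:
            params[name.strip().lower()] = value.strip().strip('"')
    return params

def key_discovery_hint(raw_message, have_key_for_sender):
    """Return a dict with 'id' and/or 'url' to try for key discovery, or None.

    preference is never returned: the header is unsigned, so acting on it
    would let anyone who can rewrite headers turn encryption off.
    """
    if have_key_for_sender:  # other discovery methods take priority
        return None
    params = parse_openpgp_header(raw_message) or {}
    hint = {}
    key_id = params.get("id", "").replace(" ", "")
    if HEX_ID.match(key_id):
        hint["id"] = key_id.upper()
    url = urlparse(params.get("url", ""))
    if url.scheme in ("http", "https") and url.netloc:
        hint["url"] = params["url"]
    return hint or None
```

Because the header is unsigned, the returned id and url are only a lookup hint: a key fetched this way deserves no more trust than one found by any other unauthenticated discovery method.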