RFC 9788 “Header Protection for Cryptographically Protected Email” includes the following statement:
The authors of this document hope that implementers with deployment experience will document their chosen HCP and the rationale behind their choice.
The Header Confidentiality Policy used by Delta Chat is easy enough to describe. In RFC 9788-style pseudocode, it might look like this:
hcp_unnamed(name, val_in) -> val_out:
if lower(name) is 'from':
assert that val_in is an RFC 5322 mailbox
return the RFC 5322 addr-spec part of val_in
else if lower(name) is 'to':
return '"hidden-recipients": ;'
else if lower(name) is 'date':
return a random date within the last 7 days
else if lower(name) is 'subject':
return '[...]'
else if lower(name) is in ['message-id', 'in-reply-to', 'references',
'chat-version', 'chat-is-post-message']:
return val_in
else:
return null
I would like to adapt this Header Confidentiality Policy for bower (GitHub - wangp/bower: A curses terminal client for the Notmuch email system · GitHub) as a configurable option for advanced users – so it would be handy if I had a name for it (and maybe a URL I could point to). I also expect that Delta Chat will modify the Header Confidentiality Policy in the future. E.g. to also mask (or spoof) ‘message-id’, ‘in-reply-to’, and ‘references’. So maybe a name like ‘hcp_delta_chat_2026’ or ‘hcp_delta_chat_0x01’ would work well?
For my own needs, it would be enough if there was a simple txt/html/md file on the website or on Github that names and describes the Header Confidentiality Policy (or, in the future, Policies) used by (different versions of) Delta Chat. But if you are very ambitious, RFC 9788 also includes guidance on how to register a Header Confidentiality Policy with IANA.