Subject of emails

I agree that changing the sending of Subjects with DC is worthwhile. Your suggestion requires, I guess, a lot of implementation and documentation work, though, and then after that maintenance and bug fixes. Do you have any simpler suggestion than “full customizability”?

1 Like

Yes. If I had to pick one, just [First few words of the message] is the best subject. It just tells people what’s in the message. It does not confuse people on other MUAs with the weird “Chat:” prefix and the even weirder “Group name”.

If not seen already: https://github.com/deltachat/deltachat-core/issues/128#issuecomment-423133007

2 Likes

Then what is the point of using encrypted communication if words from the body leak into the unencrypted subject field? Especially since DC is a chat program and the body of messages in such apps usually contains a few words when people are communicating, so basically your proposal defeats the gist of DC: encrypted communication.

6 Likes

Good point :+1:

3 Likes

What about a standard subject like:

“Chat: between chatstarter@anyhost.net and recipientOnChatStart@anyhost.net” ?

This way chats can easily be grouped in MUAs.
The mail addresses are in plaintext in the header anyway.

And for group chats maybe something like:

“Group chat: Group name”

4 Likes

Group name is also disclosing information.

Well, maybe someone wouldn’t like it, but IMO it is either encrypted communication or you just use plain emails. It isn’t possible to sit on two different chairs that stand far away from each other.

A group name can be set carefully if it’s a sensitive group (most probably not).
So I think this would be “sufficient security”.

And there also could be a “paranoid” setting:

For every encrypted message set the subject to “encrypted message”.

1 Like

in fact, this is always and automatically done by Delta Chat.

whatever the subject is, it is not added to the unencrypted part of a message.

instead, the “real” subject is moved to the encrypted part and the “standard” subject is replaced by a placeholder [via spec/spec.md at master · deltachat/spec · GitHub]

4 Likes
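The behaviour described in the post above can be checked from the outside. The following is an added example, not part of the thread and not Delta Chat code: it audits what the unencrypted Subject of an encrypted mail reveals. The placeholder strings, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed placeholder strings; the thread only says "a placeholder".
PLACEHOLDERS = {"...", "encrypted message"}


def content_words(text):
    """Lower-cased words longer than three characters (skips 'the', 'at', ...)."""
    return {w for w in re.findall(r"[a-z0-9]+", text.lower()) if len(w) > 3}


def audit_outer_subject(raw_outer, body_plaintext):
    """List what the unencrypted Subject of an encrypted mail reveals."""
    msg = message_from_string(raw_outer)
    if msg.get_content_type() != "multipart/encrypted":
        return ["not-encrypted"]  # the whole mail is readable anyway
    subject = (msg["Subject"] or "").strip()
    if subject in PLACEHOLDERS:
        return []
    findings = ["subject-not-placeholder"]
    leaked = sorted(content_words(subject) & content_words(body_plaintext))
    if leaked:
        findings.append("body-words-in-subject: " + ", ".join(leaked))
    return findings


def sample_outer(subject):
    """Constructed sample: the outer message as a mail server would store it."""
    return (
        "From: alice@example.org\n"
        "To: bob@example.org\n"
        f"Subject: {subject}\n"
        'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"\n'
        "\n"
        "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
        "--b\nContent-Type: application/octet-stream\n\n(ciphertext omitted)\n--b--\n"
    )


BODY = "Meet me at the station at nine tonight"  # constructed plaintext

if __name__ == "__main__":
    for subj in ("...", "Chat: Meet me at the station", "Group chat: cooking group"):
        print(repr(subj), "->", audit_outer_subject(sample_outer(subj), BODY))
```

A group name in the outer Subject is reported as metadata only, while a subject built from the first words of the message is reported together with the body words it exposes.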

When it comes to encryption/security there are no other settings besides “paranoid” :slight_smile:
It is either encrypted/secure or it is not.

1 Like

Using autocrypt is always only “sufficient security”.
Theoretically, a man in the middle could replace the public key in the unencrypted header.

So a self-chosen subject (group name) is not that much of a security risk.

You could use the group name to confuse :wink:

Call the group “cooking group”

And inside the encrypted body you could organize a rebellion :yum:

nb: also with autocrypt, you can out-of-band verify keys, eg. using the “setup contact qr code scanning” in delta chat, even before sending the first message.

I didn’t get it. It is asymmetric cryptography: if the public key associated with a private key is changed, then the private key won’t decrypt such a message; the public key is part of the same puzzle that contains the private and public keys. Lose one piece of the puzzle and decryption will be broken.

I do have some thoughts about this issue: for those who turned on “preferred end-to-end encryption” in the advanced settings there shouldn’t be any information leaking, and those who don’t care about privacy can choose to leak some limited info to the unencrypted part of the message.

@AlexJ

Here a theoretical and simplified scenario.

Alice sends a mail to Bob.
Alice’s public key is in the (unencrypted) header.

The man in the middle catches this mail.
He replaces Alice’s key with his public key.
He sends this mail to Bob.

Bob replies to this mail and encrypts it with the key in the header, believing it’s Alice’s key.

The man in the middle catches this mail too.
Now he can read this mail.

Then he replaces Bob’s key and encrypts this mail with Alice’s public key.

And so on.

Of course, as @r10s already said, if you are careful and check the fingerprints of the keys and the signatures it’s very secure (sufficient security), but not absolutely.

The same as with a self-chosen subject.
If you are careful it’s sufficiently secure.
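The key replacement in the scenario above is what out-of-band verification is meant to catch. The following is an added example, not part of the thread and not Delta Chat code: it compares the key carried in a mail's Autocrypt header with a value recorded when the contact was verified. The key bytes are constructed stand-ins, the function names are hypothetical, and a SHA-256 digest of the key bytes stands in for the OpenPGP fingerprint a real client would compare.

```python
import base64
import hashlib
from email import message_from_string


def parse_autocrypt(value):
    """Split 'addr=...; prefer-encrypt=...; keydata=...' into a dict."""
    attrs = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        attrs[name] = "".join(val.split())  # keydata may be folded over lines
    return attrs


def key_digest(keydata_b64):
    """SHA-256 over the raw key bytes (simplification, not an OpenPGP fingerprint)."""
    return hashlib.sha256(base64.b64decode(keydata_b64)).hexdigest()


def check_sender_key(raw_mail, verified):
    """Compare the header key with the digest recorded during verification."""
    header = message_from_string(raw_mail)["Autocrypt"]
    if header is None:
        return "no-key"
    attrs = parse_autocrypt(header)
    pinned = verified.get(attrs.get("addr", ""))
    if pinned is None:
        return "unverified"  # nothing to compare against
    return "match" if key_digest(attrs["keydata"]) == pinned else "KEY-CHANGED"


def sample_mail(key_bytes):
    """Constructed sample mail carrying key_bytes in its Autocrypt header."""
    keydata = base64.b64encode(key_bytes).decode()
    return (
        "From: alice@example.org\nTo: bob@example.org\n"
        f"Autocrypt: addr=alice@example.org; prefer-encrypt=mutual; keydata={keydata}\n"
        "Subject: ...\n\nhello\n"
    )


ALICE_KEY = b"constructed stand-in for Alice's public key"
OTHER_KEY = b"constructed stand-in for a substituted key"
# Recorded out of band, e.g. when the contact's QR code was scanned.
VERIFIED = {"alice@example.org": key_digest(base64.b64encode(ALICE_KEY).decode())}

if __name__ == "__main__":
    print(check_sender_key(sample_mail(ALICE_KEY), VERIFIED))
    print(check_sender_key(sample_mail(OTHER_KEY), VERIFIED))
```

Without a recorded value the check can only answer "unverified", which is the case the scenario in the post depends on.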

i think there are very few things that are absolutely secure :slight_smile:

I absolutely agree :grinning:

E.g. the man in the middle first has to get access to the mail account of Alice or Bob, or has to break the transport encryption.

My theoretical scenario can only be used as a direct attack on a particular communication and is very hard to realize.
There is no way to attack masses of communications in an automated way.

That’s why I said “theoretical”.

I’m sure for the normal hacker it’s nearly impossible and much too expensive.

Let’s stay on topic please. Leaking info in the Subject is a good point, but DC doesn’t do that. We are discussing Subject for unencrypted emails.

1 Like

I don’t think so. There would be 3 possibilities that come into my mind:

  • My favourite one: Let the user enable or disable a row of checkboxes: (they won’t be able to change the order then, but I actually think that this reduces confusion)

    [Prefix] – and let the user specify the prefix, such as “Chat:”
    [Group name]
    [First few words of the message]
    [Existing subject] (works only if this is a reply)

  • From WinAuthFan: Let the user choose a template string like Chat: <firstwords> in which all occurrences of firstwords are replaced → will need documentation but should actually be quite easy to implement.

  • Just give some possibilities like Re: [subject] the user can choose from (easy to implement and no need to explain but not that customizable)

I definitely think that the effort is worth it.

2 Likes

I think that DC subjects need a rework. I don’t like the piece of the body in the subject (even some user complained about it, because “the message body is protected by the law (it is illegal to check it), but the subject isn’t”).

Anyway, I don’t think letting the user select the subject format would be good for either users or developers :wink: If users need to write an email instead of a chat message, what they need is an email view in Delta Chat: [Discussion] Make DC a replacement for MUAs? - #12 by testbird

4 Likes

You could just default the Subject to “Delta Chat” or “Chat”. This would be ignored by the app but email only users would only have this as their subject line. It is simple and doesn’t compromise security issues. This would also group messages for email users on subject to the same recipient.

1 Like