{"draft":"draft-ietf-lamps-header-protection-25","doc_id":"RFC9788","title":"Header Protection for Cryptographically Protected Email","authors":["D. K. Gillmor","B. Hoeneisen","A. Melnikov"],"format":["HTML","TEXT","PDF","XML"],"page_count":"218","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Limited Additional Mechanisms for PKIX and SMIME","abstract":"S\/MIME version 3.1 introduced a mechanism to provide end-to-end\r\ncryptographic protection of email message headers. However, few\r\nimplementations generate messages using this mechanism, and several\r\nlegacy implementations have revealed rendering or security issues\r\nwhen handling such a message.\r\n\r\nThis document updates the S\/MIME specification (RFC 8551) to offer a\r\ndifferent mechanism that provides the same cryptographic protections\r\nbut with fewer downsides when handled by legacy clients. Furthermore,\r\nit offers more explicit usability, privacy, and security guidance for\r\nclients when generating or handling email messages with cryptographic\r\nprotection of message headers.\r\n\r\nThe Header Protection scheme defined here is also applicable to\r\nmessages with PGP\/MIME (Pretty Good Privacy with MIME) cryptographic\r\nprotections.","pub_date":"August 2025","keywords":["Header Protection","Header Confidentiality Policy","HCP","cryptographic email","email encryption","encryption","encrypt","signature","sign","S\/MIME","PGP\/MIME","Legacy Display","Legacy Display Element","MIME","Privacy","HP-Outer","hp-legacy-display","hp"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC8551"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9788","errata_url":null}