@juga0 points out in #14 that we don't actualy know whether an ellipsis really language-agnostic. What about non-western languages? what about non-alphabetic languages?

My suspicion is that if users of those languages are using e-mail they are at least exposed to US ASCII at some level, but i have no data to back that up. and i also don't know anything about the cultural implications of the ellipsis (outside of western writing), broadly speaking.

The structure of the document is still a bit confusing.

We have Message Composition and Message Interpretation, which both sandwich the Legacy Display part, which itself includes both composition and interpretation instructions.

It'd be nice for a future revision of the draft to have a clearer organizing principle.

The draft probably needs some explanatory text about how to craft a decent-looking legacy display part. for example, it doesn't need to be RFC 2047-encoded, etc.

there are non-user-facing headers that are actionable during reply (e.g. that shift the behavior of the MUA somehow), like Reply-To and Mail-Followup-To. (and maybe Sender and Return-Path) ?

I worry that if we don't call these out specifically, then we are vulnerable to (at least) recipient-modification attacks.

I'm not sure how to characterize or exhaustively enumerate all such headers, or where in the spec such a mention belongs. The concept is subtly different from user-facing headers.

Speaking with Alexey Melnikov at IETF 106, he says that he thinks this approach should be fine with S/MIME.

At the LAMPS WG session there was agreement that we wanted:

• Test vectors of messages (including S/MIME):
• Screenshots of how these messages render in multiple clients

So the next revision of this draft should try to at least include the S/MIME examples.

in #14, @juga0 points out that "transit-oriented" header isn't well-defined. should we add such a definition?

fwiw, i have only a fuzzy definition of this idea myself, and was originally using the idea in only a vague/intuitive sense, hoping that it was only used in an advisory sense, not in an explicit or normative sense. That is, it would be really bad if an undefined term was used to direct implementers to make specific choices. But if it's used mainly for flavor/intuition/insight, maybe it's ok to leave it undefined?

I'm guessing by the age of last modifications of this repository that this draft has died?

I'm assuming one of the goals of this proposal was to be able to protect the Autocrypt: header from tampering (i.e. MitM attack). Is that correct?

Is there some subsequent work meant to replace this dead draft in achieving the above goal (among others)?

We still have this FIXME:

• FIXME: Enigmail adds protected-headers="v1" parameter to the Content-Type: of the Cryptographic Payload. Is this necessary?

My question is: do we need this? If its presence would be actionable in some way, then yes, i think we need it.

If it is not actionable, then i don't see what we gain from it.

Until today, i didn't understand any actionable behavior from it. But reading @BjarniRunar 's "Reverse-Copying" explanation, i realized that maybe it could be used as a clear signal to a receiving MUA that it should drop missing Exposed Headers.

given that:

• the purpose of the legacy display part is purely decorative, and
• the legacy display part will never be rendered by any non-legacy client, and
• more legacy clients are likely to actually render a text/plain part instead of a text/rfc822-headers part,

should we consider changing the legacy display part to use Content-Type: text/plain?

Also, if protected-headers="v1" is used to identify a cryptographic payload as containing protected headers (see #21), does it make sense to use the same parameter to identify the legacy display part? Shouldn't it be something like legacy-display="v1" or protected-headers="legacy-display" ?

Part of my reluctance to make either change is that some messages containing legacy display parts as described in the current document already exist. Do we want to discourage clients from dealing with them well by specifying only a new way to identify legacy display parts going forward?

We could specify for generating clients to generate the new form, and for receiving clients to handle both forms, but that sort of defeats the cleanliness rationale for having the "right" kind of markings.

On the other hand, if the only cost is that some encrypted messages from a couple of years render a little bit uglier than they used to, but we get cleaner signalling going forward, that might be a nice win.

On the third hand, legacy display is (hopefully) only useful for a limited time as it is transitioned away. So perhaps doing this cleanup would be more pain than benefit.

terms about MIME structure are thrown around in the document without explicit definitions. maybe add to the Terminology section?

For example, "MIME leaf part" and "MIME tree" and "MIME part" and "MIME subtree"