In secure mode, during message composition, mml crafts a MIME message before applying the necessary transformations for cryptographic protections. I think the function of preparing this stuff happens in message-encode-message-body and in mml-generate-mime.

It would be great if those preparations were to copy all the headers from *outside* of the cryptographic protections (the "cryptographic envelope") to the top-level part *inside* the cryptographic envelope, so that they're covered by the cryptographic protections. The only header you probably don't want to copy is Content-Type, since the Content-Type outside the cryptographic protections is pretty clearly different from the one on the inside.

If this simple copy is done, then the subject line of a signed message can be verified by the client (as can other headers, but Subject is probably most relevant).

The request above doesn't keep the subject line secret in the case of an encrypted message, but it sets the stage for doing so. It is concretely useful on its own in any case for signed-only messages, and has no downsides.

Once the headers are regularly copied into the top-level part of the cryptographic payload, the *outer* Subject for an encrypted message can be replaced with "Subject Unavailable" -- then mail user agents like enigmail and K-9 will be able to read the subject of encrypted messages, but they won't leak outside. I'll open that as a separate issue once we've gotten the first part described here taken care of.

So this particular feature request is *just* about outbound message composition and only covers header protection for signed messages. For incoming message handling of encrypted messages with protected headers, I have a patch queue ready to handle that (for Subject: at least) in notmuch-emacs.

--dkg
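
The header copy requested above, and the receiver-side comparison it makes possible, sketched as an added example that is not part of the original report and is not mml code. It uses Python's standard `email` package as a stand-in for mml; the function names and sample message are hypothetical, and the signature part is a placeholder because real OpenPGP signing and verification are assumed to happen separately.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

NOT_COPIED = {"content-type"}  # the inner part keeps its own Content-Type

def build_payload(headers, body):
    """Top-level part inside the envelope, carrying copies of the outer headers."""
    inner = EmailMessage()
    inner.set_content(body)  # sets the part's own Content-Type
    for name, value in headers:
        if name.lower() not in NOT_COPIED:
            inner[name] = value
    return inner

def wrap_signed(headers, inner):
    """Outer multipart/signed message, serialized to bytes. The signature part
    is a constructed placeholder: real OpenPGP signing is outside this sketch."""
    outer = EmailMessage()
    for name, value in headers:
        outer[name] = value
    outer["MIME-Version"] = "1.0"
    outer["Content-Type"] = ('multipart/signed; micalg=pgp-sha256; '
                             'protocol="application/pgp-signature"')
    sig = EmailMessage()
    sig["Content-Type"] = "application/pgp-signature"
    sig.set_payload("PLACEHOLDER-NOT-A-REAL-SIGNATURE\n")
    outer.attach(inner)
    outer.attach(sig)
    return outer.as_bytes()

def outer_mismatches(raw):
    """Receiver side: {name: (outer value, protected value)} for each outer
    header that disagrees with its copy inside the signed part."""
    outer = message_from_bytes(raw, policy=policy.default)
    if outer.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    inner = outer.get_payload(0)
    return {name: (str(value), str(inner[name]))
            for name, value in outer.items()
            if name.lower() not in NOT_COPIED and name in inner
            and str(inner[name]) != str(value)}

# Constructed sample draft (not from the original report).
HEADERS = [("From", "Alice <alice@example.org>"), ("To", "Bob <bob@example.org>"),
           ("Subject", "Q3 budget review"), ("Message-ID", "<draft-1@example.org>")]
RAW = wrap_signed(HEADERS, build_payload(HEADERS, "Numbers attached.\n"))
# Simulate an intermediary rewriting only the unprotected outer Subject.
TAMPERED = RAW.replace(b"Subject: Q3 budget review",
                       b"Subject: Wire transfer approved", 1)
```

A client would trust the comparison only after the signature over the first part has verified; headers added in transit that have no copy inside the signed part are skipped rather than reported.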