+test_begin_subtest "protected subject does not leak by default in replies"
+output=$(notmuch reply --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+ 'crypto:["original"]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
+ 'subject:["original"]["headers"]["Subject"]="This is a protected header"' \
+ 'reply-subject:["reply-headers"]["Subject"]="Re: Subject Unavailable"'
+