RE: Signed Receipts and Mail Lists
"Jim Schaad" <jimsch@nwlink.com> Fri, 27 June 2003 20:04 UTC
Reply-To: jimsch@exmsft.com
From: Jim Schaad <jimsch@nwlink.com>
To: "'g.lunt'" <Graeme.Lunt@nexor.co.uk>, "'Sean P. Turner'" <turners@ieca.com>
Cc: 'ietf-smime' <ietf-smime@imc.org>
Subject: RE: Signed Receipts and Mail Lists
Date: Fri, 27 Jun 2003 12:38:16 -0700
Message-ID: <009701c33ce3$a86b4170$3d0311ac@augustcellars.local>
In-Reply-To: <001101c33aec$fee550c0$d2353fc1@nexor.co.uk>

Sean,

I have had many discussions with people on this issue. It is very likely that an MLA would return a receipt to the originator of the message either on initial receipt (I got it and distributed it) or after a specific percentage of people on the list have returned receipts. This is the only way to handle receipts in the case of a mailing list whose membership is hidden from senders.

This being said, the problem here is that you are using a single certificate for two distinct individuals (i.e. the two different mailing lists) and asking somebody (the sender of the message) to try and guess which individual was being referred to. In this case each MLA should have its own certificate (and hopefully different key pairs) in order to allow for distinctness of identity to be known.

Graeme,

If we adopted the solution you gave, what limits me from making arbitrary statements about who I am in this field that then need to be independently verified by the receipt processing code? (I.e. what if I put the fact that I am turners@ieca.com in this field and sign with my jimsch@exmsft.com certificate).

jim

> -----Original Message-----
> From: owner-ietf-smime@mail.imc.org
> [mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Graeme Lunt
> Sent: Wednesday, June 25, 2003 12:40 AM
> To: 'Sean P. Turner'
> Cc: 'ietf-smime'
> Subject: RE: Signed Receipts and Mail Lists
>
> Sean,
>
> > I'm not sure that the MLA returns a receipt on behalf of the ML
> > members.
>
> OK - if an MLA should not return signed receipts then there
> is not a problem with my scenario.
>
> > I looked through ESS again and I couldn't find anything that said if a
> > message enters an MLA with a signed receipt request that it
> > shouldn't or should return a receipt.
>
> Is an MLA considered a "receiving agent"/"receiving
> software"/"processing software" in section 2.3 of ESS? I had
> assumed that it was but agree it is unclear.
>
> > Typically (I think), originators want to know that the final recipient got
> > the message not whether the MLA got it.
>
> I think there are arguments for both. If an originator sends a message
> to:
>
> complaints@bigbank.co.uk
>
> the originator probably only wants to know that it got to the
> complaints department at bigbank. The originator doesn't want
> to know (and bigbank doesn't want to let the originator know)
> which individuals within bigbank read the message.
>
> > Then again maybe I didn't understand your scenario.
>
> I don't think the originator needs to understand if the
> addresses they are requesting signed receipts from are
> address lists or not. If an originator sends a message to two
> recipients - one a mail list, one an individual - and
> requests first tier signed receipts, they will never receive
> a signed receipt from the mail list recipient. The user may
> find this unexpected. Correlation software *may* be able to
> detect a mail list recipient and handle it appropriately.
>
> Graeme
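
The two concerns raised in the reply above (a self-asserted identity that does not match the signing certificate, and one certificate shared by two mailing lists) can be expressed as checks in receipt correlation code. This is an added example, not part of the original message or of the ESS specification. The `claimed_address` field, the `SignerCert` stand-in and the `list-a`/`list-b@example.org` addresses are assumptions, and certificate path validation and signature verification are assumed to have succeeded already.

```python
from dataclasses import dataclass

ACCEPTED = "accepted"
REJECTED = "rejected: claimed identity is not bound to the signer certificate"
AMBIGUOUS = "ambiguous: certificate is shared by several requested recipients"
UNREQUESTED = "ignored: no receipt was requested from this address"

@dataclass(frozen=True)
class SignerCert:
    # Stand-in for a certificate whose chain and receipt signature were verified.
    fingerprint: str
    addresses: frozenset  # e-mail addresses the CA bound to this key

@dataclass(frozen=True)
class Receipt:
    claimed_address: str  # hypothetical self-asserted "who I am" field
    signer: SignerCert

def correlate(receipt, requested):
    """Map a verified receipt to one requested recipient.

    Returns (status, address); address is None unless status is ACCEPTED.
    Addresses are compared case-insensitively, a simplification.
    """
    claimed = receipt.claimed_address.lower()
    bound = {a.lower() for a in receipt.signer.addresses}
    wanted = {a.lower() for a in requested}
    # The claim is only as good as the certificate that signed it.
    if claimed not in bound:
        return (REJECTED, None)
    # One key speaking for two requested recipients: the signature cannot
    # say which of them produced the receipt, so do not guess.
    if len(bound & wanted) > 1:
        return (AMBIGUOUS, None)
    if claimed not in wanted:
        return (UNREQUESTED, None)
    return (ACCEPTED, claimed)

# Constructed sample data for the three cases.
JIM = SignerCert("fp-jim", frozenset({"jimsch@exmsft.com"}))
SHARED = SignerCert("fp-shared", frozenset({"list-a@example.org", "list-b@example.org"}))
LIST_A = SignerCert("fp-list-a", frozenset({"list-a@example.org"}))
LISTS = {"list-a@example.org", "list-b@example.org"}

def run_samples():
    return [
        correlate(Receipt("turners@ieca.com", JIM), {"turners@ieca.com"}),
        correlate(Receipt("list-a@example.org", SHARED), LISTS),
        correlate(Receipt("list-a@example.org", LIST_A), LISTS),
    ]
```
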