Re: Signed Receipts and Mail Lists

"Sean P. Turner" <turners@ieca.com> Tue, 24 June 2003 19:18 UTC

Message-ID: <3EF89A0B.4000901@ieca.com>
Date: Tue, 24 Jun 2003 14:35:55 -0400
From: "Sean P. Turner" <turners@ieca.com>
Organization: IECA, Inc.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02
MIME-Version: 1.0
To: "g.lunt" <Graeme.Lunt@nexor.co.uk>
CC: ietf-smime <ietf-smime@imc.org>
Subject: Re: Signed Receipts and Mail Lists
References: <001301c33a56$13ca7660$d2353fc1@nexor.co.uk>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
Content-Transfer-Encoding: 7bit

Graeme,

I'm not sure that the MLA returns a receipt on behalf of the ML members. 
 I looked through ESS again and I couldn't find anything that said if a 
message enters an MLA with a signed receipt request that it shouldn't or 
should return a receipt.    Typically (I think), originators want to 
know that the final recipient got the message not whether the MLA got it.

Then again maybe I didn't understand your scenario.

spt

Graeme Lunt wrote:

>Hi,
>
>We have recently encountered an issue when trying to correlate signed
>receipts when using mail lists.
>
>Issue:
>
>When a MLA supports multiple lists using a single public/private key
>pair, it appears that there is insufficient information within a signed
>receipt generated by the MLA to determine to which recipient the signed
>receipt relates. 
>
>Take the case where a message is sent to two recipients, R1 and R2, and
>the user makes an "all" signed receipt request.
>
>R1 is actually a Mail List supported by an MLA using a single
>public/private key pair, MLA1.
>
>MLA1 receives the message for R1, expands the list, and sends a signed
>receipt "on behalf of" R1 back to the originator.
>
>The originator can identify the message to which the signed receipt
>relates (from the signedContentIdentifier) but not the recipient as the
>signature on the receipt is from MLA1. There is no way to relate this
>receipt to either R1 or R2.
>
>Possible resolution:
>
>One way to resolve this problem would be to add an extension to the
>Receipt syntax to include
>
>   ....
>   receiptFrom GeneralNames OPTIONAL
>}
>
>This field would allow the indication of whom the signed receipt was
>sent from and consequently correlation with the original recipient list.
>This also allows other scenarios where a third party may acknowledge
>receipt for a given recipient for example an assistant reading a
>managers mail. 
>
>This functionality is comparable to that of the "IPM Intended Recipient"
>field of an X.400 IPN.
>
>Also, if considering changing the Receipt structure it may be worthwhile
>adding an extension bucket at the same time (or even to support
>receiptFrom).
>
>Am I missing something?
>
>Graeme
>
>
>  
>

Signed Receipts and Mail Lists Graeme Lunt
Re: Signed Receipts and Mail Lists Sean P. Turner
RE: Signed Receipts and Mail Lists Graeme Lunt
RE: Signed Receipts and Mail Lists Jim Schaad
RE: Signed Receipts and Mail Lists Graeme Lunt
RE: Signed Receipts and Mail Lists Russ Housley
RE: Signed Receipts and Mail Lists Graeme Lunt
RE: Signed Receipts and Mail Lists Russ Housley