ietf-822

Re: "Obsoletes" is a much needed Internet mail feature

1994-08-18 17:30:48
At 10:01 AM 8/18/94, Dana S Emery wrote:
Privacy needs to be a concern here, unless this feature were
backed up by some form of authentication I would hesitate to
consider it a _good thing_, even assuming it had widespread
implementation.  I would not want to see the enablement of
a way for hackers to conduct "mail-wars".

I agree.

But let's postulate that both the message and the cancellation are signed
with PEM or PGP or something, and both signatures match.  Under what
circumstances would it be appropriate for an MTA or MUA to make use of the
Obsoletes: header?  What feedback (if any) should go to the sender or
recipient?

A signature match is neither necessary nor sufficient. There are plenty of
cases (e.g. a signed contract) where the originator of the message has
absolutely no right to obsolete it.

I can think of several states for a message:

- in transit
- in user's "maildrop", unseen by user
- under control of user's MUA, unseen by user
- seen by user

(These states are by no means exhaustive or even well-defined for many
mailsystems; but they might at least serve as a starting point.)

It's easy (I think) to see that it's perfectly fine to cancel something in
transit,

I completely disagree. Cancellation of messages in transit is absolutely
unacceptable, and signatures do not change this. In addition to unnecessarily
complicating the transport layer, this assumes a particular ownership model
(originator owns message until final delivery happens) that causes serious
problems for some kinds of services. (Take a moment and consider how this would
interact with a user intent on committing fraud and a COD payment system, for
instance.)

and have the recipient be none the wiser.

You cannot assume that the recipient and the sender are the only interested
parties here. There are situations where the use of a neutral third party
provider of the transport layer is vital.

It's also easy to see
that you don't snatch a message away while a user is reading it, and
pretend that it never existed.  But what about between those extremes?

Systems do exist that allow this to happen.

                                Ned
