If obsoletes is implemented in this way, I see no privacy
concerns. If you feel strongly about this, the best might
be to say that only the original author and no one else
can obsolete a message. That is the way it is defined in
This isn't what the standards say.
That is the way it is defined in X.400. X.400 says that
only the "authorizing users", which corresponds to the
"From:" field in RFC 822, is allowed to obsolete its
Sorry, the X.400 standard DOES NOT say this. Here, for the second time, is the
exact text from X.420:
The Obsoleted IPMs heading field [D no subfields (i.e. elements)] identifies
zero or more IPMs that the authorizing users of the present IPM consider
it to obsolete. It comprises a Sequence of sub-fields, each an IPMidentifier,
one for each IPM.)
It really is rather clever. The obsoletes list in the *current message* is a
list composed by the author of the *current message*, not the author of the
obsoleted messages. There is nothing that says the authors have to be the same.
In fact, it is quite clear from qualification "consider to be" that no
authority of any kind is needed to obsolete somebody else's message. All I have
to do is consider them to be obsolete, say so, and its done.
All this neatly avoids the messy swamp you get into once you start talking
about whether or not A has the right to obsolete B. Even if you simply things
and say that A and B have to the same user, how do you propose to define "same
user" in a way that can actually be implemented as a test in software?