You are right. I misread the text in X.400.
On Fri, 19 Aug 1994, Ned Freed wrote:
Even if you simplify things
and say that A and B have to the same user, how do you propose to define "same
user" in a way that can actually be implemented as a test in software?
Presumably the obsoletion is sent from the same UA as the obsoleted
message, and so will produce exactly the same text in the From: field.
So my proposal for an implementation would be something like this:
(1) If the recipient has already seen the old version, show him
the new version with an obsoletes field.
(2) If the recipient has not yet seen either version, and if
the "From:" of the obsoleting message has authority to
obsolete it, show only the new version, but indicate that
it is an obsoletion and allow the recipient to retrieve
the old version with a suitable command.
(3) Otherwise, show both versions.
(4) When showing an obsoleting message, and where the "From:"
of the obsoleting message does not seem to have authority
to obsolete it, give a warning about this in the heading.
(5) Checking of authority to obsolete might be done in the
following way:
(a) If the recipient mailbox owner accepts weak authentication,
accept authority if the "From:" fields are identical,
or accept authority if the "From:" field matches that
of a moderator name for the distribution list in the
"To:" field, which moderator name the recipient UA
owner has stored in his mailbox preferences. One could
discuss whether "matches" should mean identity only
in the formal part of the name, or also in the part
called "phrase" in Internet and "free-form-name" in X.400.
(b) If the recipient mailbox owner requires strong authentication,
require certified digital signatures instead.
The details of this need maybe not be standardised. For example,
a good recipient client software might allow a client to accept
weak authentication for certain distribution lists, but require
strong authentication for other lists.
Of course it would be valuable if a service is provided for a
UA software to find out who is the moderator of a distribution
list without the UA owner having to store it. Some kind of
directory system would then be needed. My suggestion is that
this should be part of the specification of a more general
distribution list handling in Internet, not part of a specification
of the "obsoletes" field.
------------------------------------------------------------------------
Jacob Palme E-mail: jpalme(_at_)dsv(_dot_)su(_dot_)se
Phone: +46-8-664 77 48 or +46-8-16 16 67
Department of Computer and Fax: +46-8-664 77 48 between 9 am & 2 pm WET
Systems Sciences (DSV) Postal address: Skeppargatan 73,
Stockholm University S-11530 Stockholm, Sweden