[Top] [All Lists]

Re: "Obsoletes" is a much needed Internet mail feature

1994-08-20 08:57:45
You are right. I misread the text in X.400.

On Fri, 19 Aug 1994, Ned Freed wrote:

Even if you simplify things
and say that A and B have to the same user, how do you propose to define "same
user" in a way that can actually be implemented as a test in software?

Presumably the obsoletion is sent from the same UA as the obsoleted
message, and so will produce exactly the same text in the From: field.

So my proposal for an implementation would be something like this:

(1) If the recipient has already seen the old version, show him
    the new version with an obsoletes field.

(2) If the recipient has not yet seen either version, and if
    the "From:" of the obsoleting message has authority to
    obsolete it, show only the new version, but indicate that
    it is an obsoletion and allow the recipient to retrieve
    the old version with a suitable command.

(3) Otherwise, show both versions.

(4) When showing an obsoleting message, and where the "From:"
    of the obsoleting message does not seem to have authority
    to obsolete it, give a warning about this in the heading.

(5) Checking of authority to obsolete might be done in the
    following way:

    (a) If the recipient mailbox owner accepts weak authentication,
        accept authority if the "From:" fields are identical,
        or accept authority if the "From:" field matches that
        of a moderator name for the distribution list in the
        "To:" field, which moderator name the recipient UA
        owner has stored in his mailbox preferences. One could
        discuss whether "matches" should mean identity only
        in the formal part of the name, or also in the part
        called "phrase" in Internet and "free-form-name" in X.400.

    (b) If the recipient mailbox owner requires strong authentication,
        require certified digital signatures instead.

The details of this need maybe not be standardised. For example,
a good recipient client software might allow a client to accept
weak authentication for certain distribution lists, but require
strong authentication for other lists.

Of course it would be valuable if a service is provided for a
UA software to find out who is the moderator of a distribution
list without the UA owner having to store it. Some kind of
directory system would then be needed. My suggestion is that
this should be part of the specification of a more general
distribution list handling in Internet, not part of a specification
of the "obsoletes" field.

Jacob Palme                  E-mail: jpalme(_at_)dsv(_dot_)su(_dot_)se
                             Phone: +46-8-664 77 48 or +46-8-16 16 67
Department of Computer and   Fax: +46-8-664 77 48 between 9 am & 2 pm WET
Systems Sciences (DSV)       Postal address: Skeppargatan 73,
Stockholm University         S-11530 Stockholm, Sweden