ietf-asrg
[Top] [All Lists]

RE: [Asrg] C/R Framework

2003-05-15 06:34:03



Well, that's just a red rag to *some* bulls :-)

I don't think that asserting that the same concerns apply to *other*
systems
adequately addresses concerns applying to *these* systems. Plus
also - it's
not strictly true, since the *necessarily* long life of this data in a C/R
system has implications.


Yeah..that was just a placheolder...however, my thinking is that we should
be addressing the protocol..not how some systems implement persistent data.
For example, some systems may not use C/R to build whitelists.  Some may
just challenge very message..it would be stupid..but they could.  Within
client email software,, the C/R mechansim would have much less privacy
concerns.  So, I'm trying to divorce myself from implementations but rather
focus on seucrity implications of the protocol itself...could be wrong about
that..but that was my thinking.


Another thing, may be I misread the text, but I can't see how (if
multiple)
 X-CM-Recipient / X-CM-URI header pairs are kept together.

They would be subsequent line items within the header file.

Do you really need two headers? couldn't all this data be
parameters in one
header? Or have I really missed the point?

You have a point.  They very well could be a single line.  The thing to
consider is a case whereby I send a message to 20 recipients in a company.
Each one of those recipients will challenge me with a unique authenticator.
So, the recipients should be listed individually...whether we can use a
delimeter with the authenticator following..might be a better method.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>