From: Paul Hoffman / IMC <phoffman(_at_)imc(_dot_)org>
ESS-style receipts are different than either of these.
Paul,
I'm not up to speed on DSNs and MDNs, so forgive me for the
possibly stupid question:
DSN: server-to-server notification of transit
MDN: human recipient tells sender what he did with the message
ESS Receipt: UA-to-UA notification that sender's signature verified
reply: user does a reply-to email or news
Assuming all four of the above message types use integrity and
authentication protection provided by CMS/ESS,
and assuming that all four have a requirement to provide an integrity-
protected link from the response back to the original message it is
responding to,
then why do you regard using an ESS SignedContentReference (or
eSSSecurityReceipt) a layering violation for some of the message types
(DSNs/MDNs) and not for others (ESS Receipts)?
How about the reply case, where the user wants to say "I agree with
your proposal" and wants to guarantee that his reply is unambiguous
without including the entire original text in the reply?
Dave Kemp