ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Rethinking Receipt

1998-04-15 14:31:35
from [Paul Hoffman / IMC] [Permanent Link] 
At 04:06 PM 4/15/98 -0400, David P. Kemp wrote:

DSN: server-to-server notification of transit


Close but not exact. DSNs can also be read by the sender. They are in fact
sent back to the sender. In some environments, they are snagged and
processed before the sender reads them.


MDN: human recipient tells sender what he did with the message


Close but not exact. It can also be machine-generated. There are status
codes in the MDN for whether it came automatically or from a human.


ESS Receipt: UA-to-UA notification that sender's signature verified


Correct.


reply: user does a reply-to email or news


Rat hole alert! Megabytes have been wasted on the DRUMS WG mailing list
about this topic recently. There is no consensus on the topic. To be
honest, there is violent disagreement. There is no agreement on what
"reply-to" means.


Assuming all four of the above message types use integrity and
 authentication protection provided by CMS/ESS,


I do not understand what you mean here. If you mean CMS/MSG (that is, the
-msg draft), DSNs and MDNs can be protected, and receiving agents that know
about each can do S/MIME verification. ESS receipts are clearly covered by
CMS/MSG. Reply-to is a rat hole.


and assuming that all four have a requirement to provide an integrity-
 protected link from the response back to the original message it is
 responding to,


Wrong. This is not mentioned in DSNs or MDNs.


then why do you regard using an ESS SignedContentReference (or
eSSSecurityReceipt) a layering violation for some of the message types
(DSNs/MDNs) and not for others (ESS Receipts)?


Well, since I disagree with your assumptions, I can't really answer that. 


How about the reply case, where the user wants to say "I agree with
your proposal" and wants to guarantee that his reply is unambiguous
without including the entire original text in the reply?


This is a new topic, and an interesting one. You are suggesting an
unambiguous message-identifier that can be inserted in a signed message as
a reference. You may want to look at draft-fielding-uri-syntax-02.txt and
see if your proposal fits into that framework.

Before continuing the DSN and MDN thread, please read the RFCs on DSNs
<http://www.imc.org/rfc1894> and MDNs <http://www.imc.org/rfc2298> and base
your comments on specifics from those standards. I believe you will see
that plain S/MIME v3 signing, and possibly ESS receipts, can be used with
either of them in fairly easy fashion.

--Paul Hoffman, Director
--Internet Mail Consortium
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Rethinking Receipt, Rik Drummond
Next by Date:  Re: Rethinking Receipt, Dave Crocker
Previous by Thread:  Re: Rethinking Receipt, David P. Kemp
Next by Thread:  Re: Rethinking Receipt, Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]