At 08:35 AM 5/6/98 -0400, Sean Turner wrote:
Paul Hoffman / IMC wrote:
At 11:37 AM 5/5/98 -0400, John Pawling wrote:
I believe that if the originator does
not want to send the message to the entire ML, then it is the originator's
responsibility to construct a separate ML including the desired recipients
or to compose a list of the individual recipients (i.e. not use an ML at
all).
John's right here. It is bad protocol practice to say to a remote processor
"here's what I want you to do" when you can cause the same actions
yourself.
--Paul Hoffman, Director
--Internet Mail Consortium
Paul,
The problem is that if the list is quite large the burden placed on the
user could be too much for them to handle. Besides the originator may not
know all the recipients - they might know that it's a community of people
but not all the people in the community. With that said ...
I'm not thinking about this in terms of a "security function" because if
you don't want a recipient to get the message then some form of access
control should be employed. I'm a thinking of it in a sense of I've got to
send a message to a community of people to arrange Sara's birthday party,
but since it's Sara's birthday party I don't want Sara to know about it so
I exempt her address. Since it's not a security feature, in my mind, then
I agree with John P's that it should not be added in ESS or CMS. I think
the idea is more applicable as a general heading field.
I'm not sure Capt Y. Theriault and I were thinking of using it in the same
way so if we're not on the same wavelength let me know (I don't want to
misrepresent the Captain's motivations for exempted addresses).
Cheers
--
Sean Turner - IECA, Inc.
All,
Mr. Turner's birthday party example reflects the requirement I had in mind.
Some times it is useful to leave some organization/people out of a
discussion ( I am not saying that it is a nice thing to do, but this is a
service that is desired by a large community - the military community being
one). I see the exempted address feature as a discretionary access control
security service since I am specifying who can see a message.
Consequently, the exempted address feature would logically belong to the ESS.
Creating a new mailing list for an occasional situation is a big
administrative burden because you have to involve system
administration/security administration personnel. The alternative of
listing every recipient is also very annoying if the mailing list is large.
This is also the maintability issue as expressed Mr. Ginsburg.
Yves Thériault.
Capt Y. Theriault
National Defence Headquarters
PMO Defence Message Handling System Hardware Engineer
MGen R. Pearkes Building, Ottawa K1A 0K2
office: (613) 995-6476
email: aa862(_at_)issc(_dot_)debbs(_dot_)ndhq(_dot_)dnd(_dot_)ca