There is no disagreement that exempted addresses are not in general a
security feature. However, the security protocol needs to serve the needs
of those agents which process secured messages. In the case of a mail list
expander, in the absence of a secured message, it can expand a message and
support the use of exempted addresses which are embedded somewhere in the
message or header and it can change headers to indicate removal of
addressees, etc. However, for an encrypted message, the expander needs
protocol elements to carry exempted addresses if it is to be able to supply
this service to secured messages.
After all, why else do we have an extension for mlExpansionHistory if not
to support the expansion service for secured messages?
elliott
At 08:00 AM 5/6/98 , John Pawling wrote:
All,
I still disagree with adding the ML exempted address feature to CMS or ESS.
This service does not belong in any security protocol. If a user
organization needs this service then they can implement it without adding
unneeded complexity to the security protocol.
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================