Paul/Russ,

I've been looking through the Signed Receipts section of ESS again, and I
believe I may have found an omission.

Let me set the scene...

In order to validate a receipt, you need to have the original message (or at
least a digest of it). Clearly if you are the "Sender" you would have this.

The receipt request structure contains a ReceiptsTo element, where the
originator must specify their own address if they wish to receive the receipt
messages.

What if you're not the originator but are named on the ReceiptsTo list? How do
you validate the receipt message without having access to the original message
(or digest of it)? Clearly you can't.

If the original message is copied to the entities on the ReceiptsTo list this
would be avoided. There is the potential problem of a receipt message being
received before the message that it corresponds to but this can be dealt with
quite easily.

I suggest that we add new paragraphs somewhere to ESS along the following lines:

"In order to allow the returned receipt message to be validated by all entities
named in the receiptsTo field of the receipt request attribute, the Sender
SHOULD ensure that the original message is copied to all such entities.

It is possible that a receipt message may be received before the original
message that it corresponds to. When such a receipt message is received, the
recipient SHOULD store the receipt message for later validation.

When a recipient of a message is named on the ReceiptsTo list in a
receiptRequest attribute, they SHOULD ensure that sufficient information is
retained from the message to allow validation of any associated receipt
messages that are subsequently received. The recipient SHOULD immediately
validate any receipt messages that were received prior to message reception."

I've used SHOULDs here to allow for the situation where an entity on the
ReceiptsTo list is being used as a non-validating receipt sink.

Darren
-------------------------------------------------------------
Darren Harter BSc Hons MBCS CEng
CASM Technical Architect
CASM Programme Office
CESG
Work: dharter(_at_)cesg(_dot_)gov(_dot_)uk
Home: Darren(_dot_)Harter(_at_)bcs(_dot_)org(_dot_)uk
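
The store-then-validate behaviour proposed in the message above, sketched as an added example that is not part of the original post or of ESS. It assumes a simplified receipt (a content identifier, a SHA-256 digest of the message bytes and the issuer's address) in place of the real CMS structures, and it omits signature verification; all class, field and function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class Receipt:                 # simplified stand-in, not the ESS ASN.1 structure
    content_id: bytes          # ties the receipt to the original message
    msg_digest: bytes          # digest the receipt carries for that message
    recipient: str             # entity that issued the receipt

@dataclass
class ReceiptsToEntity:
    max_pending: int = 1000                        # bound on parked receipts
    retained: dict = field(default_factory=dict)   # content_id -> digest
    pending: dict = field(default_factory=dict)    # content_id -> [Receipt]

    def _check(self, receipt, digest):
        # Constant-time comparison of the claimed and retained digests.
        return receipt.recipient, hmac.compare_digest(receipt.msg_digest, digest)

    def on_message(self, content_id, message):
        """Copy of the original arrives: retain its digest, then immediately
        validate receipts that were received before it."""
        digest = hashlib.sha256(message).digest()
        self.retained[content_id] = digest
        return [self._check(r, digest) for r in self.pending.pop(content_id, [])]

    def on_receipt(self, receipt):
        """Validate now if the digest is retained, otherwise store for later.
        Returns None when the receipt was parked."""
        digest = self.retained.get(receipt.content_id)
        if digest is not None:
            return self._check(receipt, digest)
        if sum(len(v) for v in self.pending.values()) >= self.max_pending:
            raise OverflowError("pending receipt store is full")
        self.pending.setdefault(receipt.content_id, []).append(receipt)
        return None

def demo():
    # Constructed sample data: one receipt arrives early, one arrives late.
    msg, cid = b"constructed sample message", b"constructed-id-1"
    good = hashlib.sha256(msg).digest()
    entity = ReceiptsToEntity()
    early = entity.on_receipt(Receipt(cid, good, "bob@example.com"))
    flushed = entity.on_message(cid, msg)
    late_bad = entity.on_receipt(Receipt(cid, b"\x00" * 32, "carol@example.com"))
    return early, flushed, late_bad

if __name__ == "__main__":
    print(demo())
```

The cap on parked receipts is an addition of this sketch: without one, receipts for messages that never arrive would accumulate indefinitely.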