Oh yeah the BCC to boss strategy...
To: Fred
BCC: Fred's Boss
Fred,
I completely understand your situation with the possible loss of the
very big important customer account after your unfortunate presentation.
Please let me know if there is anything I can do to help you rectify the
situation.
Mallet.
Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker(_at_)verisign(_dot_)com
781 245 6996 x227
-----Original Message-----
From: Housley, Russ [mailto:rhousley(_at_)rsasecurity(_dot_)com]
Sent: Friday, October 26, 2001 2:21 PM
To: Peter Sylvester
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: sender-auth and ira
Peter:
The whole point of BCC recipients is to keep their
identities from other
recipients. If you are going to list them, then they are readily
exposed. I do not think that we should introduce this leak.
Isn't this leak is somewhat similar to the possibility of having
one encryption envelope with all addresses in it?
Yes. That is why the update to the MSG specification should
address BCC in
the contect of EnvelopedData.
Russ
Phillip Hallam-Baker (E-mail).vcf
Description: Binary data