Oh yeah the BCC to boss strategy...
BCC: Fred's Boss
I completely understand your situation with the possible loss of the
very big important customer account after your unfortunate presentation.
Please let me know if there is anything I can do to help you rectify the
Phillip Hallam-Baker FBCS C.Eng.
781 245 6996 x227
From: Housley, Russ [mailto:rhousley(_at_)rsasecurity(_dot_)com]
Sent: Friday, October 26, 2001 2:21 PM
To: Peter Sylvester
Subject: Re: sender-auth and ira
The whole point of BCC recipients is to keep their
identities from other
recipients. If you are going to list them, then they are readily
exposed. I do not think that we should introduce this leak.
Isn't this leak is somewhat similar to the possibility of having
one encryption envelope with all addresses in it?
Yes. That is why the update to the MSG specification should
address BCC in
the contect of EnvelopedData.
Phillip Hallam-Baker (E-mail).vcf
Description: Binary data