[Top] [All Lists]

RE: sender-auth and ira

2001-10-26 11:47:26
Oh yeah the BCC to boss strategy...

To: Fred
BCC: Fred's Boss

        I completely understand your situation with the possible loss of the
very big important customer account after your unfortunate presentation.
Please let me know if there is anything I can do to help you rectify the

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
781 245 6996 x227

-----Original Message-----
From: Housley, Russ [mailto:rhousley(_at_)rsasecurity(_dot_)com]
Sent: Friday, October 26, 2001 2:21 PM
To: Peter Sylvester
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: sender-auth and ira


The whole point of BCC recipients is to keep their 
identities from other
recipients.  If you are going to list them, then they are readily
exposed.  I do not think that we should introduce this leak.

Isn't this leak is somewhat similar to the possibility of having
one encryption envelope with all addresses in it?

Yes.  That is why the update to the MSG specification should 
address BCC in 
the contect of EnvelopedData.


Attachment: Phillip Hallam-Baker (E-mail).vcf
Description: Binary data

<Prev in Thread] Current Thread [Next in Thread>