ietf-smime

Re: The subject line leakage problem

2001-12-27 08:59:30

Paul:

I was trying to be a good reporter.  I was not trying to put any spin 
(positive or negative) on the comments.  I will try to answer your
questions.

First, he is pleased to see the working group addressing the subject line
issue.  While this issue was not part of his initial concerns, he agrees
that it deserves a solution.

Non-To: headers are of concern, but they are a completely different beast 
than To: headers with respect to Don's draft.

Don acknowledges the difference.  He is glad that we are discussing a 
solution that addresses the issues that he raised as well as issues raised 
by others.

Second, he would like to see the working group mandate the inclusion of the
TO, CC, and FROM lines whenever encryption and signature are used together.

Why only those headers? Other headers are also important. Date: comes to mind.

These are the ones that Don and I discussed on the phone.  Further, Don 
acknowledges the issues with BCC and mail lists.

I do not think that DATE is particularly important if the signing-time 
attribute is used.

As he explained in his I-D, he does not believe that many users
are able to understand the interaction between signing, encrypting, or both
(in either order).

True.

Third, he would like to see the TO, CC, and FROM lines automatically
processed by the receiving mail agent software.  While he acknowledges the
issues associated with BCC, mail lists, and so on, he firmly believes that
the people writing the software understand the situation much better than
mass market e-mail users.

True.

Fourth, he would like to see the working group mandate the inclusion of the
TO, CC, and FROM lines whenever the sending agent or the receiving agent
represents a human.  In other words, computer-to-computer communications
may not need these to be protected.

And we determine that how?

I will offer my interpretation of his comments.  When someone builds a 
piece of software, they have a target market for that software.  When mail 
agent software is intended for computer-to-computer communications, he is not 
too concerned because, as stated above, Don has more faith in programmers 
than mass market mail system users.

From a specification point of view, it would be much easier to require the 
inclusion of these fields all of the time.

Russ




