[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Non-repudiation for Message Disposition Notifications

To: chucks@xxxxxxxxxxxxx
Subject: Re: Non-repudiation for Message Disposition Notifications
From: Karen Rosenthal <karenr@xxxxxxxxxxxx>
Date: Wed, 20 Nov 1996 16:19:00 -0500
Cc: rayp@xxxxxxxxxxxx, karenr@xxxxxxxxxxxx, raf@xxxxxxxxxx, ietf-ediint@xxxxxxx
Organization: Premenos
References: <> <32937B3A.79CD@actracorp.com>
Reply-to: karenr@xxxxxxxxxxxx
Sender: owner-ietf-ediint@xxxxxxx

Chuck,

Thanks for the information - all is appreciated.  Whether we can
implement the signed receipt as it is specified depends on the answers
to the following questions:

1.  Section 4.2 in draft-ietf-ediint-as1-01.txt specifies that the
X-Received-MIC extension will only be included in the 2nd body part of
the MDN when 'the received contents are successfully processed'.  Am I
correct in interpreting 'successfully processed' to mean decryption,
authentication and integrity checking all succeeded?

2.  When the X-Received-MIC is NOT included, I understand that the
proposed way of matching up the receipt with the original message is via
the Original-Message-ID.  We are using Simple MAPI with Microsoft
Exchange, and through Simple MAPI, do not have application access to the
Message-ID that MS Exchange assigns (I've heard that there are other
mailers with this same problem). How then, are we able to match up the
receipt with the original message (PLEASE don't say we need to return
the entire original message in the 3rd bodypart of the MDN!!)?

3.  Is the request for the MDN placed in the message header, or in the
body part header(s)?  The draft says message, which concerns me.  
   a. If it's in the message header:
	. we are unable to use it using Simple MAPI with MS Exchange. 
	. how would a message containing attachments / multiple body 
          parts be handled, especially if some are signed, and some are
unsigned?
   b. If it's in the body part header(s), at which level is it placed
(i.e. for
	  S/Mime Version 2, at the application header, SignedData header, or 
	  EnvelopedData header?    

4.  Is S/Mime Version 1 still acceptable for use with the Signed MDN, or
is S/Mime Version 2 required?

Continuing with some non-critical questions:

5.  Is subject: Disposition notification, placed in the multipart/signed
mime header?  If not, where?

6.  Is the content of the MDN's 1st body part text standardized?

7.  Are the following the only valid values for EDI? 
	autoprocessed
	decryption_failed
	authentication_failed
	integrity_check_failed

8. Is the X-Received-MIC base64 encoded?

9. What is the anticipated use of the MDN's 3rd bodypart?  

Thanks again...
Karen

Chuck Shih wrote:
> 
> Karen,
> 
> The newest AS#1 draft should be posted on the ietf web server
> today or tomorrow. An announcement will go out on this. I
> got an e-mail from Roger Fajman and he will put out a new
> mdn draft on 11/26.
> 
> Can you implement the signed receipt as it is specified?
> 
> Karen Rosenthal wrote:
> >
> > Greetings,
> >
> > I am checking on the status of draft-ieft-receipt-mdn-01.txt, the
> > Internet Draft for An Extensible Message Format for Message Disposition
> > Notifications, which is due to expire on November 18th.
> >
> > This draft does not provide a mechanism for Non-Repudiation.  It is my
> > understanding that a group is currently working on a proposal to provide
> > for NRRs.  In looking through CommerceNet's interoperability test
> > scripts, it appears that an addition has been made to the MDN's 2nd body
> > part, which would be headed:
> >
> >         MAC_Info:
> >
> > and then contain the message digest type used (i.e. MD5), and then the
> > base 64 encoded (signed?) MD5 of the original message.
> >
> > This is my understanding of what has been proposed to-date.  I am only
> > assuming that the MD5 would be signed as it made the most sense,
> > although the only thing I've read on what was to be signed, was
> > CommerceNet's test script # 12, stating that "An MDN should be returned
> > within a signed bodypart", which was ambiguous to me.  Any clarification
> > / corrections to my understanding would be greatly appreciated, as would
> > any information on when an RFC, or updated draft can be expected.
> >
> > I'm also curious as to the expected use of the 3rd, optional bodypart.
> >
> > Much thanks,
> > --
> > Name:   Karen Rosenthal
> > E-mail: karenr@premenos.com
> > Phone:  (510)688-2928
> > Fax:    (510)602-2133

-- 
Name:	Karen Rosenthal
E-mail:	karenr@premenos.com
Phone:	(510)688-2928
Fax:	(510)602-2133

Follow-Ups:
- Re: Non-repudiation for Message Disposition Notifications
  - From: Carl Hage
- Re: Non-repudiation for Message Disposition Notifications
  - From: Chuck Shih

References:
- Non-repudiation for Message Disposition Notifications
  - From: Karen Rosenthal

Prev by Date: Re: !!!! EDIINT AS#2 - Requirement Voting
Next by Date: Re: Non-repudiation for Message Disposition Notifications
Previous by thread: Non-repudiation for Message Disposition Notifications
Next by thread: Re: Non-repudiation for Message Disposition Notifications
Index(es):
- Date
- Thread