Received: from localhost (daemon@localhost) 
        by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id SAA17226; Thu, 21 Mar 1996 18:53:47 -0500
Received: by CS.UTK.EDU (bulk_mailer v1.4); Thu, 21 Mar 1996 18:53:12 -0500
Received: from koobera.math.uic.edu (qmailr@KOOBERA.MATH.UIC.EDU [128.248.178.247]) by CS.UTK.EDU with SMTP (cf v2.9s-UTK)
	id SAA17163; Thu, 21 Mar 1996 18:53:09 -0500
Received: (qmail-queue invoked by uid 666); 21 Mar 1996 23:55:13 GMT
Date: 21 Mar 1996 23:55:13 GMT
Message-ID: <19960321235513.4808.qmail@koobera.math.uic.edu>
From: djb@koobera.math.uic.edu (D. J. Bernstein)
To: drums@cs.utk.edu
Subject: Re: Message-IDs (not Received lines) (Was: Issues summary web page)

> And even in the case of bounce messages, they are
> especially useful for dealing with duplicate messages:

I disagree. The bounce message has no useful identity except in its role
as information about the original message. If a bounce is duplicated,
you end up learning twice that the original message was not delivered.

> If you are sent
> multiple copies of a message by some broken piece of software, especially
> bounce messages, you can just automagically delete ones with duplicate
> message-ids.

This is insecure and must not be implemented. To automatically delete a
duplicate without compromising security, you need to compute a one-way
hash of an appropriately stripped message; the Message-ID doesn't help.

> There is no reason not to generate them, and they are quite useful.

I am worried about the motivation for, and likely consequences of,
requiring them.

---Dan