gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: Describing archives (new feature at the mirror)

From: Andrew Suffield
Subject: Re: [Gnu-arch-users] Re: Describing archives (new feature at the mirror)
Date: Sat, 3 Apr 2004 13:49:11 +0100
User-agent: Mutt/1.5.5.1+cvs20040105i 
On Sat, Apr 03, 2004 at 01:05:37PM +0100, Julian T J Midgley wrote:
> > > So keep a cache of message-ids you've already seen, and throw
> > > any duplicates (arranging for your filters to drop the first copy of each
> > > mail into your inbox or mailing list boxes as you prefer).
> >
> > And now anybody who can predict msgids, which frankly is not all that
> > hard (they are not designed to be secure) can selectively filter your
> > mail by forwarding you spam with suitable forged msgids.
> 
> Again, whilst this is in theory true, any such attack is trivially
> detectable (without loss of data, since duplicates are not immediately
> discarded), and much harder to pull off in practice than you suggest.
> So, encore une fois, the solution (of filtering duplicates) turns out,
> although not to be perfect, to be considerably more practical than the
> alternatives, and certainly sufficiently effective to deny your original
> assertion that "the only sane place that it can be fixed is at the sender
> end".

"After ignoring all evidence to the contrary, the point stands".

There are perfectly functional mechanisms for solving the problem on
the sender end. They're real and they work. Filtering duplicates turns
out to be imperfect, and considerably less practical than these
alternatives.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Attachment: signature.asc
Description: Digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]