Re: CAP issue: Fallback/fanout to iTIP
Alright John! Any other opinions on this? It's a pretty major change
(simplification) to CAP. I want to make sure that there's general buy-in
before doing anything.
-Steve
John Stracke wrote:
> Steve Mansour wrote:
>
> > So... any opinions on whether or not to try to keep fanout in CAP?
> > John? Anybody?
>
> Having just reread the fanout section in the I-D, I'd say cut it. It
> doesn't introduce any truly new capabilities, and it does introduce some
> potentially serious security problems. Either the servers trust each
> other, or the server doing fanout has to be able to exercise the user's
> credentials on the remote server. Either way, it permits an attacker
> who subverts one server to use it against other servers, instead of
> limiting the damage to a single server.
begin:vcard
n:Mansour;Steve
tel;fax:408-276-4930
tel;work:408-276-4268
x-mozilla-html:FALSE
org:Netscape
version:2.1
email;internet:sman@xxxxxxxxxxxx
title:Judge, Jury, and Executioner
adr;quoted-printable:;;501 East Middlefield Road=0D=0AMS: MV-054;Mountain View;CA;94043;
x-mozilla-cpt:;-10552
fn:Steve Mansour
end:vcard