From: Brad Templeton (brad@templetons.com)
Date: Tue Jan 16 2001 - 13:50:11 CST
On Tue, Jan 16, 2001 at 11:10:43AM -0800, Russ Allbery wrote:
> Assumes facts not in evidence. I explicitly considered the privacy issues
> and then turned it on. I could be convinced to turn it off again on my
> servers, but I find it convenient, and I simply don't agree with you that
> it's this huge of an issue.
Well, then they weren't properly considered. Of course you find it
convenient. When privacy is diminished there's always something pulling
the other way. It's not a be all and end all issue. I'm just advancing
the correct principle that if you can attain the same goal without
inherently removing the privacy of internet users, you should strive to
do so.
The IP address is the easy way out. Tokens based on the network structure
is slightly harder, but attains the same result in filtering -- in fact
a better result because it tells you the structure of the network so you
can filter somebody who is abusing their whole address block.
> Are you absolutely sure that Rich didn't consider privacy issues when he
> added that code to INN, and that he didn't just disagree with you?
Quite possibly, so now's the time to talk about it. Do you or anybody
else here disagree that if there's a better way to do it that doesn't
inherently strip posters of privacy, then it should be done.
If a site wants to use the NNTP address they still can. I simply believe
the standard should deprecate it, and encourage the use of tokens which
can still be used to filter spam.
>
> Sure. I have no problems with that. But I do object to ignoring the fact
> that NNTP-Posting-Host isn't some random little header that some small
> number of servers use. It's not even Mail-Copies-To with a partial
> existing installed base. It's added by damn near every news server
> currently deployed. It's become part of the de facto protocol, and has
> been part of the de facto protocol for longer than I've been running news
> servers. A whole bunch of people have never used or maintained a Usenet
> *without* NNTP-Posting-Host headers on most posts.
>
> That doesn't mean it's a good idea. That does mean that it's not
> something we can just ignore if we don't like it.
That's exactly why it's important to consider its consequences.
The code for
hash( IP + secret string of the day)
Is hardly rocket science. But it's better than using the IP.
Even better is
hash( subdomain + secret string ). hash(sub-subdomain + secret) etc.
And best would be
if( From userid authenticated )
"From"
else
hash( subdomain + secret string ). hash(sub-subdomain + secret) etc.