From: John Stanley (stanley@peak.org)
Date: Mon Feb 04 2002 - 13:05:25 CST
Erland Sommarskog (sommar-usefor@algonet.se):
> Note here that any adderss I may have elsewhere is irrelevant.
Not if that address is what you are trying to use in your From header.
>If it can't
>verify, it will insert one of the addresses it knows about, according
>to some default scheme.
Which is incorrect behaviour as defined by our draft.
>Provided that the server is actually inserting Sender in this case,,
>that is.
Sheesh, the entire discussion is about injectors who are inserting Sender
headers without knowing they are needed.
>If my ISP's server's policy were to include a Sender when the From-content
>does not agree with the current user,
Which is what it DOES NOT KNOW. It knows that it does not match what it
has been told, but that is NOT the same as "does not agree with the
current user".
> it could be smart to not include it in the case I used sommar-usefor.
But that "from content" is not what it has been told is your official
blessed mailbox. In fact, YOU say it is not your official blessed mailbox,
since it not the same mailbox. Why would it be "smart" and know that this
one belonged to you when it cannot know what it has not been told?
>Furthermore I have arrived at the conclusion
>that the news server would not be able to verify sommar-usefor anyway,
>because that would require it to read my login directory.)
Yes, I think I've more than adequately shown that the injector cannot
verify that arbitrary from-content is not yours, and because it cannot, it
cannot know when to insert a Sender header.
>Well, those injectors are broken in the sense "John Stanley don't like
>them".
If you are going to put words in my mouth, please have the courtesy to use
correct grammar.
They are broken because they are redefining the From and Sender header to
mean something other than the draft specifies. From is becoming "the
verified email address", Sender is becoming "I cannot verify the From"
instead of "the From address is NOT the poster." That's incorrect.
It's also silent. The poster doesn't know it is happening until too late
to stop it. Not only is it wrong behaviour according to this draft, it is
done in the wrong place at the wrong time.
>There might be good arguments for that, but you have not
>been very successful in making them.
I guess if you don't think "breaks signatures" and "redefines standard
headers", in addition to violating a SHOULD NOT, is sufficient argument,
I cannot dissuade you.
>Yes, we've heard you saying that all over again.
But you haven't listened. You even said you weren't listening.
>And if you want to
>successfully argument for prohibiting injectors from adding a Sender,
>you should drop this argument. The injector may very well have
>sufficient information to enforce its policy
That is simply not true. It cannot have sufficient information to know
whether or not "foobar543@hotmail.com" is one of my mailboxes. As for its
"policy", when the "policy" is to redefine standard headers, I say that
the policy needs to be prohibited. If it doesn't like the headers the way
they are defined, it should insert ones that it is free to define.
>and that policy does
>not give a single damn about the thousand other mail addresses you
>may have.
But the From header does. The From header is not defined as "the only
address the injector knows about". If you think it ought to be, please
suggest it be redifined officially, not as a side effect of some other
paragraph.
>> So, what would you say if an injector started inserting References headers
>> in articles where the subject started with "Re: "?
>There is no existing practice in this case.
I don't give a fuck if there is existing practice for inserting References
headers or not, the exact same arguments for allowing an injector to
insert a Sender header would allow it to insert a References header -- in
fact, the argument is stronger, since the "Re: " prefix on a subject is a
clear flag that the article is a reply and a References header is
MANDATORY, according to this draft, while the injector has to guess that
the From content is not the poster's before it should insert a Sender,
which is optional anyway.
What would you say if an injector started inserting References headers? I
want to hear what YOUR argument is either for or against it. Like I said,
it doesn't matter that nobody does it today. I asked what would you say if
they started doing it. If you can't answer the question without proving my
argument about the Sender insertion, that's ok, I'll understand.
> I like to remind that the definitions apply to you as well.
But you can ignore them when it comes to when a Sender header is to be
inserted? Where am I ignoring them? When I claim I am a human when I post.
>If you
>want the draft to say "human beings", you should call for the language
>being changed.
What a load of crap. I don't "want" it to say I am a human when I post, I
am a human, you dit. I am the "entity", and yes, dear, that definition
fits human being just fine already.
>Now it says "entity" which may mean "human being",
And does, when I am the entity posting. Please pay attention.
>Yes, provided that this happens on a news server which hosts public
>newsgroups.
I wasn't aware that the header definitions we have apply only to news
servers which host public newsgroups. I do understand that they don't
apply to non-conforming applications, but then they won't be "news
injectors" anyway.
>After all, John, you are not going to use all news servers in the world,
>so if a few of them will insert a Sender it is not going to hurt you
>anyway.
Well, I guess it is useless to argue what correct operation of a news
injector is with you, unless the incorrect behaviour is going have a
direct effect on you.
Why are we wasting our time defining a lot of crap that none of the people
on this discussion list will be affected by then? Wouldn't it be a hell of
a lot easier to just set up one central news server for the hundred of us
or so to use and have it do what we want it to do than for us to try to
define the protocol and standards for people we will never ever meet?
That's the "why are you arguing, it won't affect you" argument you've just
used on me. I want it to work right because I expect it to work right, and
the same way, for everyone, even if I never meet them. I can see past the
end of my own nose when it comes to standards, pal.
>If you have a problem with your local ISP doing it, then you
>will find some other way to convince them that their policy is
>inappropriate.
I should be able to point to the standard which says that the Sender
header SHOULD NOT be used unless the entity in the From is not the actual
poster, but I'm having a hard time getting a few obstinant folk here to
put an explicit prohibition in regarding something it shouldn't be doing.
In fact, I cannot get an explicit statement that says they CAN do it
removed. That's how stupid this is.