From: John Stanley (stanley@peak.org)
Date: Mon Feb 11 2002 - 00:53:05 CST
Erland Sommarskog (sommar-usefor@algonet.se):
> Make your next posting in perfect Swedish.
I don't pretend to speak or write Swedish. Your demand is foolish. The
implied request that you stop trying to put words in my mouth is quite
serious.
> The redefining business is your game.
Let's see. I read the draft and it says the headers mean one thing. I see
what people want the injector to be permitted to do and it causes the
headers to mean something else. I'd say the game is upon those who want
injectors inserting and changing Sender and/or From headers for the
poster.
>The signature thing is not is something I good at, but Charles or Clive
>had good argument on that point: if you don't include Sender, don't say
>that it's signed.
And if you include the sender, and you sign the sender, and the injector
decides to change the sender header because it thinks it knows better than
the poster who did what, then the signature will be broken, and the poster
will not know about it until long after the article is injected and being
sent around the world. What part of that sentence do you not understand?
>It's somewhat funny that you first ask for courtsey and then cannot find
>a better counter-argument than "What a load of crap".
I call it when I see it. I didn't call for the draft to say "human
beings". And I didn't ask for courtesy, I asked you to use correct grammar
when you are rude and presumptious enough to try to put words into my
mouth.
>If you are logged in as john@somewhere.com and you use john@hotmail.com
>in your From line and do not include a Sender, there is no violation
>if the server deem these two be different entities.
If those are not two different entities, which they are not in the example
you provide, then yes, there is a violation when the INJECTOR (not
"server") decides these are two different entitites, and even more of a
"violation" when it acts to insert a header with tells people that
"john@hotmail.com" did not post the article, when the truth is exactly
otherwise.
> Has anyone said that it is invalid?
Yes. When the injector inserts a Sender header it is saying that you are
not using your "valid" identity in the From header.
>If the server would find it invalid
>to do so, it would not insert a Sender address - it would reject the
>posting.
As has been said many times before, that it more acceptable than modifying
the headers and posting it without the poster being able to prevent it.
> <Shmuel+gen@patriot.net> writes:
>> Sender is only
>> intended for the case where the From address is not owned by the
>> sender.
> That is however not what the draft says,
Well, maybe Charles has changed THIS section of the draft, too, but the
latest copy I have says this:
The Sender header specifies the mailbox of the entity which actually
sent this article, if that entity is different from that given in the
From header or if more than one address appears in the From header.
This header SHOULD NOT appear in an article unless the sender is
different from the poster.
We are currently discussing the case of a single address in the From
header, so the "more than one" clause does not apply. Which part of this
section of the draft do you read as contradicting Shmuel, at least in the
context of this discussion?
> If the newsgroup is distributed world-wide, yes.
Or if it is distributed anywhere else, yes. YOU have no way of limiting
the places that spammers go to harvest things, they show up in the most
surprising places.
Seth Breidbart (sethb@panix.com):
>Now I understand the problem. John Stanley isn't using the same
>language as the rest of us.
I'm using simple english. What language are you using?
> No, changing the meaning of something doesn't change it.
Yes, I see that we clearly are speaking different languages here. Ummm,
changing the meaning of a header changes the meaning of the header, in
english. Is that a hard concept to understand? Our draft defines the
headers to mean one thing, the broken injector is assuming they mean
something else and acting based on THAT definition. By inserting a header
based on the modified meaning, it changes the meaning of the header
already there. Read the section on Sender headers and see if maybe you can
suss out how that happens.
> If I read an article,
We aren't dealing with you reading an article, we are dealing with an
injector that is allegedly interested in conforming to this standard. We
are talking about an injector taking an action based on information it
does not have, in a way that the poster does not know is happening until
after it happens.
> Somebody else posting a followup
We aren't dealing with someone posting a followup, we are dealing with an
injector that is allegedly interested in conforming to this standard.
Allowing the headers to be redefined by the injector author is not
appropriate and should be prohibited. What excuse can you provide for
allowing it?