From: Seth Breidbart (sethb@panix.com)
Date: Fri Jan 04 2002 - 21:14:05 CST
Bill Davidsen wrote:
>> The fact is that some ISPs want Sender (if present) or From (if Sender
>> not present) to be the account that was validated in order to cause
>> the post to be allowed to be injected.
>
> Then let them reject the post, instead of compromising privacy.
We can't specify policy for ISPs.
> I have no problem with that being an acceptable policy, although I'm
> sure users who have any other choice will.
That seems to be Panix's policy, so clearly lots of users with other
choices find it acceptable.
> There are lots of ways to track the poster which don't involve
> giving out personal information. That might actually violate laws in
> some places, and certainly is the wrong direction to go in a
> standard.
Nobody is saying that the standard should recommend that. I'm saying
that in a footnote it should warn people that some ISPs _do_ that. We
should also deprecate that behavior.
He later wrote:
>> I agree that Injector-Info is a better place to do it; however, that
>> header might be included by a poster and signed, so the "breaking of a
>> signed article" problem cannot be avoided.
>
> Is there a reason I don't recall for why we would allow this to be a
> user-provided header? At all?
It shouldn't be; that was a strawman argument that if a user provides
and signs it, then the injector replacing it will break the signature.
>> To the extent that this draft is codifying existing practice, I think
>> that including a warning in the Note is the right thing to do. If we
>> want to say "MUST NOT" alter a Sender header, I don't have a problem
>> with that; but we should note that a lot of existing software is
>> non-compliant with that requirement.
>
> That sounds right, hopefully the software will change over a few years.
Anybody else? We seem to have reached some level of agreement here.
John Stanley wrote:
>> We clearly are not reading the same Usenet. In the one I read, a
>> majority of the From: headers are correct.
>
> And you know this precisely how?
>
> Answer: you don't know it, but the contents look reasonable so you assume
> they are correct.
That and the fact that, with one exception (which I learned about but
never actually sent mail to), the hundreds of people I've sent email
to in response to their Usenet postings had given good addresses.
>> It isn't a "guessing game" for it to insert information that it knows
>> to be correct.
>
> When it is guessing that what is there is wrong, yes sir bub it is a
> guessing game.
It isn't guessing that. It is saying that it doesn't know that it is
correct, which is true.
> Where did you get this ridiculous notion? For the purposes of
> argument, I assume it is A real identity, but it is certainly not
> THE real identity, and if you use any one of them when posting the
> injector should accept it.
Now you want the injector to act in a way that it cannot: by accepting
any correct (in a God-like omniscient sense) From header.
>> It's one of them; in particular, it's the (only) one that Panix cares
>> about.
>
> So? The standard does not specify that the only one Panix cares
> about is what must appear in your From header.
No, but that is Panix's policy. Why are you against warning people
who read the standard that some ISPs have that sort of policy?
>> Please explain precisely how that differs from someone breaking in to
>> my account, posting as me, and having whatever header you prefer (an
>> encrypted Injector-Info, perhaps) pointing definitively to my account.
>
> Because the From header is validated by the injector, so if it says
> it is from you it must be. That's the logical extension of believing
> that injectors can intelligently and correctly validate From headers.
Now if someone breaks into my account and posts as me, the encrypted
Injector-Info header (which is validated by the injector) says it is
from me. Why is that different? In either case, the injector
believes that an article was posted by me because it was posted by
someone who had broken into my account.
>>> Why shouldn't we prohibit an action that will break any future
>>> possibility of signing articles?
>
>> For an incredibly small value of "any future possibility".
>
> If you want to call "every article" an incredibly small value, that's
> your decision.
So you claim that:
1. Every article will have a Sender header,
and
2. That Sender header will be different from the one the ISP knows is
valid?
Otherwise, some articles (e.g. those I post with From:
sethb@panix.com) can still be properly signed.
> This header SHOULD NOT appear in an article unless the sender is
> different from the poster.
Now we're getting into the meaning of "different from". I would claim
that when I'm using a different account, the sender is different.
Seth
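As an added illustration of the point argued in this message (that an injector which rewrites Sender breaks a signature computed over that header, while an article whose From already names the validated account, such as sethb@panix.com, still verifies), here is a toy model in Python. It is not code from the thread or from any USEFOR draft. The HMAC standing in for a real article signature, the set of signed headers, the key, and the address seth@example.org are constructed assumptions for the example; the two injector policies model the "rewrite" and "reject instead" positions discussed above.

```python
import hashlib
import hmac

# Headers covered by the toy signature (a constructed choice for this example).
SIGNED_HEADERS = ("From", "Sender", "Subject")


def canonical_form(headers, body):
    """Serialise the signed headers (absent ones as empty) followed by the body."""
    lines = [f"{name}: {headers.get(name, '')}" for name in SIGNED_HEADERS]
    return "\n".join(lines) + "\n\n" + body


def sign_article(headers, body, key):
    """HMAC-SHA256 stands in for a real public-key article signature here."""
    data = canonical_form(headers, body).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_article(headers, body, key, signature):
    """Recompute the signature over the headers as received and compare."""
    return hmac.compare_digest(sign_article(headers, body, key), signature)


def inject_rewriting(headers, validated_account):
    """Injector enforcing the policy described in the thread by editing the article:
    Sender (or From, if there is no Sender) must name the validated account."""
    out = dict(headers)
    effective = out.get("Sender", out["From"])
    if effective != validated_account:
        out["Sender"] = validated_account  # the rewrite that invalidates a signature
    return out


def inject_rejecting(headers, validated_account):
    """Same policy, enforced by refusing the post instead of editing it."""
    effective = headers.get("Sender", headers["From"])
    return dict(headers) if effective == validated_account else None


def demo():
    key = b"constructed-demo-key"   # constructed: would be the poster's signing key
    account = "sethb@panix.com"     # the account the injector has validated
    body = "Hello, world.\n"

    # Case 1: From already names the validated account; nothing is rewritten,
    # so the signature still verifies after injection.
    h1 = {"From": account, "Subject": "test"}
    s1 = sign_article(h1, body, key)
    ok1 = verify_article(inject_rewriting(h1, account), body, key, s1)

    # Case 2: From names another address (constructed); the injector inserts
    # Sender, the canonical form changes, and the signature fails.
    h2 = {"From": "seth@example.org", "Subject": "test"}
    s2 = sign_article(h2, body, key)
    ok2 = verify_article(inject_rewriting(h2, account), body, key, s2)

    # Case 3: a rejecting injector on the same article refuses it unchanged,
    # so no signature is broken (the post simply does not go out).
    rejected = inject_rejecting(h2, account) is None

    return ok1, ok2, rejected


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

Running the block prints the three outcomes: an article whose From matches the validated account survives the rewriting injector intact, an article with a different From has its signature broken by the inserted Sender header, and a rejecting injector leaves the signature alone at the cost of refusing the post.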