From: Bill Davidsen (davidsen@prodigy.com)
Date: Fri Jan 18 2002 - 11:07:23 CST
On 12 Jan 2002, Erland Sommarskog wrote:
> John Stanley <stanley@peak.org> writes:
> > Charles Lindsey (chl@clw.cs.man.ac.uk):
> >
> > >OK, it now say, in the duties of an injecting agent:
> >
> > > 10.The injecting agent MAY add other headers not already provided by
> > > the poster,
> >
> > Unacceptable. It MUST NOT insert what it cannot know. This is especially
> > true in the case of Sender, where inserting this header changes the
> > meaning of the From header.
>
> I simply don't care to follow to your long rant, but I can't escape
> to point out an error here. A server can very well know that you are
> authenticated as nisse@bigbizcorp.com. Then whether the address
> myprivatemail@hotmail.com that you have specified is real or fake,
> the server just simply don't give a damn about. Because at Big Biz
> Corp you are supposed to use your real address, and your real address
> with Big Biz Corp. If you don't like that, take the discussion with
> Big Biz Corp, and not with us.
>
> A slighly different case where such a policy could be in force is a
> server which harbours some private newsgroups, and the owner of the
> groups want people to state their logins somewhere. For instance,
> this could be a newsgroup for beta evaluation, and you login with
> your beta ID, which then turns up in, say, Sender.
I think this is not relevant to the question of rewriting or providing
Sender. No one has questioned that an injector could reject a post
without that field set, with wrong information in the From header,
whatever. But deliberately giving out a real identification of the poster
is another issue, and raises privacy concerns.
-- -bill davidsen (davidsen@prodigy.com) "The secret to procrastination is to put things off until the last possible moment - but no longer" -me