From: John Stanley (stanley@peak.org)
Date: Thu Jun 06 2002 - 19:52:39 CDT
Henry Spencer (henry@spsystems.net):
More waste of time debating who debated what when and what deadlines were
missed and how long ago. Henry, it doesn't matter what artificial deadline
you are complaining about, the issue was brought up long before that
deadline. That you'd forgotten is an interesting admission but not very
productive.
> I see no point in discussing this further; the
> existing wording is consistent and clear,
The existing wording is contradictory and nonsensical.
> My news *software* cares;
Why?
> Specifically, the followup agent cares, because it may want/need to use
> mail for a response.
The followup agent does not care what the From-content is, it justs copies
it from that header and uses it as the proto-destination for email. Note
1: email is not news, so big deal. Note 2: if your followup agent cannot
copy the string joe@bite.me correctly because it is what you call an
invalid address, your followup agent is broken. In short, your followup
agent doesn't give a damn what is there, as long as it is syntactically
correct.
> The latter is wrong, since news articles might be
> local to an organization in which 192.168.0.1 was a legitimate internal
> address.
And as soon as it hits the outside world, it is "munged" and unreplyable.
Sorta points out that this distinction between "valid" and "invalid" is a
real can of worms, changing from moment to moment and place to place.
Makes an injector's job of trying to guess even that much harder. Much
easier to simply say "you shall not guess".
>> ...Our proposed standard tells him that
>> the Sender header is used ONLY when the From header is not the entity who
>> is responsible for posting the message. But the injecting agent can add
>> one when the entities are the same but using a different email address.
> *If* it cannot determine that the entities are the same.
No Sir You Are Wrong. Please Reread the Draft. Here, I'll quote it for
you:
6.2. Sender
The Sender-header specifies the mailbox of the entity which caused
this article to be posted (and hence injected), if that entity is
different from that given in the From-header or if more than one
address appears in the From-header. This header SHOULD NOT appear in
an article unless the sender is different from the poster.
That does NOT say "if it cannot determine that the entities are the same",
it says "if that entity is different". I do not know why you have not
grasped the difference between the two statements, and I am at a loss as
to what words to use to get you to understand.
So, you've got an injecting agent that sees an email address it doesn't
recognize. It has NO way of knowing that it really does belong to the
person who posted the article. According to this proposed standard, that
injecting agent is allowed to insert a Sender header with what it thinks
the poster's email address is. But according to this very same standard, a
Sender header is to be used only if the entity in the From header is NOT
the same as the entity that is posting. That's a contradiction.
And now, after telling you about 8.2.2, we know that an article which is
in violation of site policy (by not containing the One True Registered and
Allowable Email Address in the From Content) MUST NOT be injected. That's
not my emphasis, it is in the draft.
But 5.2 tells implementors that they may simply insert a Sender header and
"fix" the problem. Contradictions.
> The action you are *now* referring to doesn't convey *any* implication
> that the address is invalid and is being inserted for spam prevention,
I don't give a flying damn what the reason the user puts a different
"address" in the From header is, nor does this draft. If you notice, this
draft says "for whatever reason". The most damaging case I can think of
off-hand is the one where the user is trying to avoid spam, but that does
not mean that there are no other reasons nor that his action is not
explicit.
> Many people explicitly
> insert a From-header address for other reasons -- e.g. because they have
> multiple addresses and want to use the same one everywhere -- which don't
> imply any aversion to the insertion of Sender.
Gee, so you actually know there are other reasons. Who cares if there is
no "aversion", the choice of which address to publish is just as explicit.
Second-guessing the user is just as wrong.
> I was attempting to address your actual wishes, not your perhaps-imperfect
> expression of them.
No, you were trying to put words in my mouth.
> It seemed to me that your wishes were for a way to
> suppress the addition of valid addresses, in cases where you are taking
> care that the From header does not contain one. There is a standard way
> to do the latter -- address ending in .invalid --
I guess you just don't get it, do you? The "suppression of the addition of
valid addresses" is not accomplished by using an address ending in
.invalid. In fact, it is exactly that part of the draft where implementors
are told that they may insert a valid address when such a From content is
included that is being discussed. Your claim that there is a "standard
way" to do this is simply untrue, and I would have thought you knew that.
> Here we have a case where both existing practice (insertion of Sender) and
> your wishes (no insertion of Sender) could be accommodated by exploiting
> that easy detection.
If you honestly think you can have two contradictory actions both ways
then I guess there is no reason to continue this discussion with you. That
does not mean that there is no reason to have this discussion in general,
since there is some hope that the editor will notice the problem and fix
it, but not much.