mnt-nfy

>   From owner-db-wg at ripe.net Fri Oct 18 08:19:02 1996

>   In my opinion notifications should *not* be sent to the originator of
>   the change request.  We had too many complaints about too many
>   notifications.  Those wishing to receive notifications of their own
>   changes can easily achieve that by putting an alias mailbox into their
>   notification attributes. 

I think I have no problem with the above (I mean I will not argue in
favour of changing this).

>   Note also that this smartness quite consciously introduces less
>   'security' because it allows someone to make clandestine changes by
>   forging his From:-address to avoid notification.  We did this because
>   those with really high security requirements shoud use maintainers with
>   a stronger authentication menthod. 

Correct. However I originally noticed that this "feature" also works by
adding a Reply-to: in the header...

My point at the RIPE meeting was that when sending an update with a Reply-to,
the mnt-nfy DOES get a "warning" message, that somebody made SOME updates,
(since the "Congratulations" are sent to her), but has no clue wrt. WHAT
exactly has been modified (usually the Subject: line does not provide accurate
information - if at all)...

(Of course, the situation can be even worse if the From: line is forged...)

If I remember correctly, at the DB-WG session the absence of the notification
(in the Reply-to case at least) was considered a *bug*.
I still incline to consider the "Reply-to case" a bug (or *unwanted* feature).
Forging the mail header is usually less trivial than adding a Reply-to.
The latter can even occur inadvertently (this is how I discovered all the above).

Janos

PS. I suppose (and strongly hope :)) the authentication is based on the From:
and not the Reply-to:.