This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
mnt-nfy
davidk at isi.edu
Fri Oct 18 19:39:25 CEST 1996
Hi Janos,

> Janos Zsako writes :
>
> > Note also that this smartness quite consciously introduces less
> > 'security' because it allows someone to make clandestine changes by
> > forging his From:-address to avoid notification. We did this because
> > those with really high security requirements should use maintainers with
> > a stronger authentication method.
>
> Correct. However I originally noticed that this "feature" also works by
> adding a Reply-to: in the header...

The feature only disallows sending an ACK & notify message to the same
E-mail address. You will always get at least an ACK message. The ACK
message is sent to the Reply-To: address or the From: address if no
Reply-To: address is present. The notify: message is sent to all people
listed except for the people that already got an ACK message.

> My point at the RIPE meeting was that when sending an update with a Reply-to,
> the mnt-nfy DOES get a "warning" message, that somebody made SOME updates,
> (since the "Congratulations" are sent to her), but has no clue wrt. WHAT
> exactly has been modified (usually the Subject: line does not provide accurate
> information - if at all)...

This is true. You will receive less information than with a notification
message in this case. This is clearly a disadvantage, but also an
advantage for those people that are getting a bit tired of the amount of
mails coming from the RIPE database automatic department.

> (Of course, the situation can be even worse if the From: line is forged...)

But you will always get at least one message from the database whether
it is an ACK message or a notify message. The smartness only eliminates
more mails sent to one and the same E-mail address. And again
<ripe-dbm at ripe.net> is always willing to investigate with the maillogs if
you suspect something like this (in fact I *did* find a forgery once and
I can assure you that the person that did it will not do it another
time ...)

> PS. I suppose (and strongly hope :)) the authentication is based on the From:
> and not the Reply-to:.

I can tell you from first hand experience (that is the code is
implemented as required in the specs) that the authentication is done on
the From: field and nothing else than that.

David K.
---
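
The routing rules described in the message above, as an added example that is not part of the original post and not the RIPE database code. It is a model built only from that description; the function names, the sample addresses, and the case-insensitive address comparison are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

def _addrs(msg, header):
    """Lower-cased addresses in one header (empty set if the header is absent)."""
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}

def route_update(raw_mail, mnt_nfy):
    """Decide who receives the ACK and who receives the full notification."""
    msg = message_from_string(raw_mail)
    sender = _addrs(msg, "From")            # authentication looks at From: only
    ack = _addrs(msg, "Reply-To") or sender  # ACK: Reply-To: if present, else From:
    listed = {a.lower() for a in mnt_nfy}
    return {
        "auth_on": sender,
        "ack": ack,
        "notify": listed - ack,    # everyone listed who did not already get an ACK
        "ack_only": listed & ack,  # listed addresses that never see what changed
    }

def downgraded(result):
    """mnt-nfy addresses that got only an ACK for an update authenticated as
    someone else (the Reply-To: case). When From: itself is a listed address,
    headers cannot show whether it was forged; that needs the mail logs."""
    return sorted(result["ack_only"] - result["auth_on"])

# Constructed sample data (not from the original thread).
MNT_NFY = ["noc@example.org"]
NORMAL = "From: alice@example.net\nSubject: update\n\nbody\n"
VIA_REPLY_TO = ("From: alice@example.net\nReply-To: noc@example.org\n"
                "Subject: update\n\nbody\n")
FROM_IS_NFY = "From: noc@example.org\nSubject: update\n\nbody\n"

if __name__ == "__main__":
    for name, mail in [("normal", NORMAL), ("reply-to", VIA_REPLY_TO),
                       ("from is mnt-nfy", FROM_IS_NFY)]:
        r = route_update(mail, MNT_NFY)
        print(name, "| ack:", sorted(r["ack"]), "| notify:", sorted(r["notify"]),
              "| downgraded:", downgraded(r))
```
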