-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Aug 26, 2005, at 03:14, Jeroen Massar wrote:
Indeed when some 'malicious' person would add Cc's/To's and would
instruct his SMTP to not forward to the additional addresses in the
Cc/To the users will effectively not receive the message.
But how exactly does this cause a problem?
Isn't that enough? Tricking the list software into excluding certain
people from part of a discussion, even if it's only the part sent by
one certain submitter? It gives a false impression to the other list
members that certain list members are part of the discussion when
they have quietly been left out.
If that's not bad enough, what if the message in question were forged
as being from someone who was also excluded from receiving it through
this mechanism? "I'm a moron, and I take back all the objections I
raised to your proposal; WG chair, I support this proposal and think
it should be sent to the IESG." If the supposed sender never even
sees a copy of "his" message, and if it's well crafted so as to not
actually draw a direct reply, the WG may proceed on the assumption
that it's legitimate. (Of course, if the person is offline for a
vacation or something, the same might happen. And habitually signing
one's messages may help call attention to the forgery, but we've got
a ways to go to make that commonplace.)
Malicious intent aside, it's also useful to know sometimes if the
mailing list software is somehow munging your messages in a way you
didn't intend. Stripping out attachments, converting encodings,
changing HTML to plain text, etc. (And I've seen mailman
occasionally botch some such processing, leaving empty messages, but
I don't recall the specifics at the moment, or if it's been fixed.)
Ken
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFDDstIUqOaDMQ+e5gRArYYAJsENV6hSl9LLpoccHauYxwzMzBImQCfZQeG
X0MLvP0XN+U+mQ39tW+VtD4=
=vnF1
-----END PGP SIGNATURE-----
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf