- From: Keith Moore <moore@cs.utk.edu>
- Date: Tue, 02 May 2000 15:29:16 -0400
- To: Lawrence Greenfield <leg+@andrew.cmu.edu>
- cc: Keith Moore <moore@cs.utk.edu>, discuss@apps.ietf.org
> More interesting then your denial-of-service attack on yourself is the > problem of a mailing list that both you and I are on: > - you receive a message, and decide to prevent me receiving it > - you immediately send me a message with the same message-id > > If the mailing list exploder decided to deliver to me later than you > (especially if it's a large mailing list) you have a good chance of > denying me receiving a message. yes, that's my point. I can just send you a copy of an advertisement for toner cartridges with the same message-id as the message I don't want you to see. > It's hard to come up with a simple scheme to prevent this, since most > of the obvious things to hash can easily be duplicated, not sure what you mean here - my idea is for the recipient's user agent (or in your case, message store) to index messages received by message-id, but have the potential to store duplicates. so when a message gets received, the message-id is extracted, and a secure hash is made of the message (minus its received fields and anything else that seems extraneous). if there was another message with that message-id and the same hash, the new message is ignored. if there was another message with the same message-id but a different hash, the new message is treated as a separate message. > and you generally want a message with the same message-id but a > different body to be repressed --- since it's probably the > "[to unsubscribe, blah]" message from a mailing list. maybe, but the mail system doesn't know for sure. Keith
Received on Tuesday, 2 May 2000 15:28:05 UTC