Re: Content-Length harmful
On Mon, Nov 30, 1998 at 10:19:38PM -0500, Michael Stone wrote:
> Quoting Avery Pennarun (apenwarr@worldvisions.ca):
> > I guess you missed my point.
>
> No, I just disagreed with it. :)
Then I guess we disagree :)
> > And it will appear in your mbox as follows:
> >
> > >From what camel dost the cavern fall?
> > >From the pink camel, of course. Yeesh.
>
> Actually, in my mboxes, that wouldn't happen. Procmail's set so that it
> adds the content-length and doesn't quote From's.
Okay. But a dhasi MDA could also be set to honour content-length and not
modify messages. It's no different from a content-length-supporting mbox
MDA. That's the beauty of it.
> Yes pure-mbox is pretty nasty. But the content-length solution is a little
> bit better. Why? Because it hasn't touched the body of my message.
But it made you mess around in the header. Now _I_ can't touch the body of
the message with a text editor. Worse, if the content-length _does_ end up
corrupted somehow (DOS versus Unix newlines?) we end up merging two
messages and making a further mess.
Dhasi/mbox format, when it goes wrong, goes less horribly wrong than
content-length. Of course, all of this is hashed out in that web page on
netscape.com.
> > A partial dhasi system is no better than mbox, but no worse. A completely
> > dhasi system is much better, and if we want a completely dhasi system, we
> > can't be afraid to leave mbox.
>
> But people are already using mbox, which is indistinguishable from your
> new system. How can a poor MUA know when to strip a >From and when to
> leave it alone?
Like I said, if you're honouring content-length, then don't strip anything.
That's simple enough.
If you're using pure-mbox, then as I said in my previous message, guessing
wrong about stripping >From lines is no worse than never stripping them. Or
to put it another way: in pure-mbox, where we never strip the quote
character, we are right about 50% of the time. Then in dhasi, where we
_always_ strip the quote character, we are still right 50% of the time.
I think that means (whee!) that if you strip randomly, you'll still be right
50% of the time. That's what happens in a mixed mbox/dhasi setup. So, I
don't think a mishmash is worse than pure-mbox. And it doesn't take away
your ability to use content-length in case you like it better.
> And we can't just ignore the existing MUAs. Whereas an MUA recognizing
> content-length can use it if present, and never needs to worry about
> whether to strip a >. So you can do a _partial_ deployment.
Whoah, you can't do a partial deployment of content-length. That'll never
work.
I'll send you a message like this:
From: apenwarr
To: you
Subject: my buns are gone!
Content-Length: whatever
Here's what the guy said to me:
From bandit@evil.org Mon Nov 30 22:29:45 GMT
...
Give us the money, or your buns are toast.
If your MDA honours content-length, it won't quote the From_ line in the
body of your message. If your MUA doesn't do content-length, it will
therefore see two messages instead of one.
Conversely, if the MDA ignores content-length and MUA recognizes it, you're
open to annoying security attacks. I'll send you a message with
Content-Length: 999999999 and we'll see what happens.
It's much easier and safer to half-deploy dhasi then to half-deploy
content-length.
> The real solution is to just drop mbox; then you don't need to worry about
> interoperability, you get a whole host of other advantages, and it's no
> harder than changing the mbox format.
Maildir is a good format; but it's a heck of a lot easier to change all
existing software to dhasi (a very minor change to the parser/munger) than
to redesign the whole program around Maildir.
Just my fiftieth of a loonie... :)
Have fun,
Avery
Reply to: