Re: IMPORTANT: your message to html-tidy

on Mon, Sep 08, 2003 at 03:40:15PM +1000, Matthew Palmer (mpalmer@debian.org) wrote:
> On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:
> > on Mon, Sep 08, 2003 at 01:57:54PM +1000, Matthew Palmer (mpalmer@debian.org) wrote:
> [W3C's autoresponder]
> > > This one's a bit different.  It's only asking for permission to archive
> > > posts to the list - I guess W3C's just trying, as hard as possible, to avoid
> > > any possible legal problems.
> > 
> > It's still an instance in which the autoresponse would not have been
> > triggered had any half-decent AV/AS system been used to filter out
> > spam and viruses.  This was a response to the SoBig.F worm.
> Sorry, I didn't make my position sufficiently clear.  This system is
> as broken as every other Challenge-Response, in that it has the
> potential to annoy the shit out of a lot of people very easily, and
> become a nice anonymous harassing agent.
> I was just making the point that it isn't the same as a regular C-R
> system, in that the intent wasn't so much to say "I want to make sure
> you're not a spammer" and more "I want to make sure you agree to your
> posts being publicly archived" - at the very least it's a little
> less offensive than normal (it's not saying "You're a spammer - prove
> me wrong!").


This is the difference between broken-by-configuration, and
broken-by-design.  I wasn't saying that the problem was identical to
that of C-R, only that _any_ autoresponder should make reasonable
efforts not to do Joe-Jobs.

MTA behavior can be fixed (or at least greatly remedied) by filtering.
C-R cannot as it assumes the solution to the problem is to offload the
authentication on a third party, itself unverified, unknown,
unauthenticated, and untrusted.


Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The truth behind the H-1B IT indentured servant scam:
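
An added example, not part of the original message: one way an autoresponder can apply the "reasonable efforts" and filtering points above before sending anything. It goes beyond the message by also checking the standard Auto-Submitted, Precedence and List-Id headers and rate-limiting per address. The filter-verdict header names, the one-week interval and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import time

# Verdict headers assumed to be stamped by an upstream AV/AS filter.
FILTER_VERDICTS = {"x-spam-flag": "yes", "x-virus-status": "infected"}
MIN_INTERVAL = 7 * 86400      # assumed policy: one notice per address per week
_last_sent = {}               # address -> time of the last autoresponse

def autoresponse_target(raw, now=None):
    """Return (address, reason); address is None when no reply may be sent."""
    now = time.time() if now is None else now
    msg = message_from_string(raw)
    for header, bad in FILTER_VERDICTS.items():
        if msg.get(header, "").strip().lower().startswith(bad):
            return None, "flagged by filter: " + header
    # Reply only to the envelope sender recorded in Return-Path, never to From:.
    rpath = msg.get("Return-Path", "").strip()
    addr = parseaddr(rpath)[1].lower()
    if rpath == "<>" or not addr:
        return None, "null or missing envelope sender"
    if addr.split("@")[0] in ("mailer-daemon", "postmaster"):
        return None, "system sender"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None, "automatic message"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return None, "bulk precedence"
    if msg.get("List-Id"):
        return None, "list traffic"
    last = _last_sent.get(addr)
    if last is not None and now - last < MIN_INTERVAL:
        return None, "rate limited"   # caps what a forger can aim at one victim
    _last_sent[addr] = now
    return addr, "ok"

# Constructed sample messages (not real traffic).
WORM = ("Return-Path: <victim@example.net>\nFrom: victim@example.net\n"
        "Subject: Re: Details\nX-Virus-Status: Infected (constructed)\n\nbody\n")
FIRST_POST = ("Return-Path: <alice@example.org>\nFrom: Alice <alice@example.org>\n"
              "Subject: tidy question\n\nHello\n")
BOUNCE = ("Return-Path: <>\nFrom: MAILER-DAEMON@example.com\n"
          "Auto-Submitted: auto-replied\n\nundeliverable\n")

if __name__ == "__main__":
    for name, raw in (("worm", WORM), ("first post", FIRST_POST), ("bounce", BOUNCE)):
        print(name, autoresponse_target(raw, now=1000.0))
```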

