on Mon, Sep 08, 2003 at 03:40:15PM +1000, Matthew Palmer (mpalmer@debian.org) wrote:
> On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:
> > on Mon, Sep 08, 2003 at 01:57:54PM +1000, Matthew Palmer (mpalmer@debian.org) wrote:
>
> [W3C's autoresponder]
>
> > > This one's a bit different. It's only asking for permission to archive
> > > posts to the list - I guess W3C's just trying, as hard as possible, to avoid
> > > any possible legal problems.
> >
> > It's still an instance in which the autoresponse would not have been
> > triggered had any half-decent AV/AS system been used to filter out
> > spam and viruses. This was a response to the SoBig.F worm.
>
> Sorry, I didn't make my position sufficiently clear. This system is
> as broken as every other Challenge-Response, in that it has the
> potential to annoy the shit out of a lot of people very easily, and
> become a nice anonymous harassing agent.
>
> I was just making the point that it isn't the same as a regular C-R
> system, in that the intent wasn't so much to say "I want to make sure
> you're not a spammer" and more "I want to make sure you agree to your
> posts being publicly archived" - at the very least it's a little
> less offensive than normal (it's not saying "You're a spammer - prove
> me wrong!").

Agreed.

This is the difference between broken-by-configuration, and
broken-by-design. I wasn't saying that the problem was identical to
that of C-R, only that _any_ autoresponder should make reasonable
efforts not to do Joe-Jobs.

MTA behavior can be fixed (or at least greatly remedied) by filtering.
C-R cannot as it assumes the solution to the problem is to offload the
authentication on a third party, itself unverified, unknown,
unauthenticated, and untrusted.

Peace.

--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
The truth behind the H-1B IT indentured servant scam:
http://heather.cs.ucdavis.edu/itaa.real.html