Re: mnt-nfy
- Date: Fri, 18 Oct 1996 10:39:25 -0700 (PDT)
- Posted-date: Fri, 18 Oct 1996 10:39:25 -0700 (PDT)
Hi Janos,
> Janos Zsako writes :
>
> > Note also that this smartness quite consciously introduces less
> > 'security' because it allows someone to make clandestine changes by
> > forging his From:-address to avoid notification. We did this because
> > those with really high security requirements should use maintainers with
> > a stronger authentication method.
>
> Correct. However I originally noticed that this "feature" also works by
> adding a Reply-to: in the header...
The feature only disallows sending an ACK & notify message to the same
E-mail address. You will always get at least an ACK message. The ACK
message is sent to the Reply-To: address, or to the From: address if no
Reply-To: address is present. The notify: message is sent to all people
listed except for the people that already got an ACK message.
> My point at the RIPE meeting was that when sending an update with a Reply-to,
> the mnt-nfy DOES get a "warning" message, that somebody made SOME updates,
> (since the "Congratulations" are sent to her), but has no clue wrt. WHAT
> exactly has been modified (usually the Subject: line does not provide accurate
> information - if at all)...
This is true. You will receive less information than with a notification
message in this case. This is clearly a disadvantage, but also an
advantage for those people that are getting a bit tired of the amount of
mail coming from the RIPE database automatic department.
> (Of course, the situation can be even worse if the From: line is forged...)
But you will always get at least one message from the database, whether it
is an ACK message or a notify message. The smartness only eliminates more
mails sent to one and the same E-mail address. And again, ripe-dbm@localhost
is always willing to investigate with the mail logs if you suspect
something like this (in fact I *did* find a forgery once, and I can assure
you that the person that did it will not do it another time ...)
> PS. I suppose (and strongly hope :)) the authentication is based on the From:
> and not the Reply-to:.
I can tell you from first-hand experience (that is, the code is
implemented as required in the specs) that the authentication is done on
the From: field and nothing else than that.
David K.
---
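The routing rule David describes (ACK to Reply-To:, else From:; notify: to the listed addresses minus whoever already got the ACK) and its two side effects (a Reply-To: pointing at the mnt-nfy address turns the detailed notification into a bare ACK, and a forged From: does the same while also being the only thing the From:-based authentication looks at) can be reproduced in a few lines. The model below is an added illustration written for this page, not the RIPE database's own code. Assumed here, not stated in the thread: header parsing follows RFC 822 From:/Reply-To: syntax, addresses compare case-insensitively, only the first address in a header counts, and the mnt-nfy recipients are given as a plain list. The three update messages are constructed samples.

```python
"""Model of the 1996 RIPE database ACK/notify de-duplication described above.
Added illustration, not the database's own code. Assumptions: RFC 822 style
headers, case-insensitive address comparison, first address in a header wins.
"""
from email import message_from_string
from email.utils import getaddresses


def _first_addr(header_value):
    """Return the first bare address in a header value, or '' if none."""
    found = getaddresses([header_value or ""])
    return found[0][1].strip().lower() if found else ""


def ack_recipient(update_msg):
    """The ACK goes to Reply-To: if present, otherwise to From:."""
    msg = message_from_string(update_msg)
    return _first_addr(msg.get("Reply-To")) or _first_addr(msg.get("From"))


def auth_identity(update_msg):
    """The From:-based authentication looks at From: only, never Reply-To:."""
    msg = message_from_string(update_msg)
    return _first_addr(msg.get("From"))


def route(update_msg, mnt_nfy):
    """Return (ack_to, notify_to).

    The 'smartness': anyone who already receives the ACK is dropped from the
    notify: list, so no address gets both messages for one update. Everyone
    in mnt_nfy still hears about the update one way or the other.
    """
    ack_to = ack_recipient(update_msg)
    notify_to = [a for a in mnt_nfy if a.strip().lower() != ack_to]
    return ack_to, notify_to


def everyone_informed(update_msg, mnt_nfy):
    """Set of addresses that receive at least one message for this update."""
    ack_to, notify_to = route(update_msg, mnt_nfy)
    return {ack_to} | {a.strip().lower() for a in notify_to}


# --- constructed sample updates (not real traffic) -------------------------
MNT_NFY = ["maintainer@example.org"]

HONEST = (
    "From: Alice <alice@example.net>\n"
    "To: auto-dbm@example.org\n"
    "Subject: update\n"
    "\n"
    "person: Alice Example\n"
    "mnt-by:  EXAMPLE-MNT\n"
)

# Janos's case: a Reply-To: aimed at the mnt-nfy address. The maintainer gets
# the 'Congratulations' ACK (which says nothing about what changed) and the
# detailed notify: message is suppressed as a duplicate.
REPLY_TO = "Reply-To: maintainer@example.org\n" + HONEST

# The worse case: a forged From:. Same suppression, and the From:-based
# authentication now sees the maintainer's own address.
FORGED = HONEST.replace("From: Alice <alice@example.net>",
                        "From: maintainer@example.org")


if __name__ == "__main__":
    for label, msg in (("honest", HONEST), ("reply-to", REPLY_TO), ("forged", FORGED)):
        ack_to, notify_to = route(msg, MNT_NFY)
        print(f"{label:9s} ack->{ack_to:24s} notify->{notify_to} "
              f"auth-as={auth_identity(msg)}")
```

Running it shows the point of the thread: in the honest case the maintainer gets the full notify: message, in the Reply-To: and forged-From: cases only the ACK, and only the forged From: also changes what the From:-based authentication checks.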