Gnus development mailing list
 help / color / mirror / Atom feed
* Thoughts on Message-ID generation
@ 2001-02-28 16:05 Toby Speight
  2001-02-28 16:31 ` Florian Weimer
  0 siblings, 1 reply; 32+ messages in thread
From: Toby Speight @ 2001-02-28 16:05 UTC (permalink / raw)


With all this talk on how to generate message-ID values and ensure
their uniqueness, it's long been my opinion that the Right Way to do
this is to have a well-known MessageId service.  Connect to the
assigned port on any server (perhaps even localhost), tell it how
many ids you want, read them in, and go away until you've used them
all.

Then it's the job of the issuing service to generate a unique
localpart for each id and a conformant rhs; uniqueness can be
ensured even amongst different clients (once all the ones in use
support the issuance protocol), one server can issue ids for an
entire domain, and offline working (and private networks) are
supported.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-02-28 16:05 Thoughts on Message-ID generation Toby Speight
@ 2001-02-28 16:31 ` Florian Weimer
  2001-02-28 16:38   ` Paul Jarc
                     ` (4 more replies)
  0 siblings, 5 replies; 32+ messages in thread
From: Florian Weimer @ 2001-02-28 16:31 UTC (permalink / raw)


Toby Speight <streapadair@gmx.net> writes:

> With all this talk on how to generate message-ID values and ensure
> their uniqueness, it's long been my opinion that the Right Way to do
> this is to have a well-known MessageId service.  Connect to the
> assigned port on any server (perhaps even localhost), tell it how
> many ids you want, read them in, and go away until you've used them
> all.

There's already such a service built into recent versions of INN:

| 200 cert.uni-stuttgart.de InterNetNews NNRP server INN 2.3.0 ready (posting ok).
| post
| 340 Ok, recommended ID <97j88b$o6$1@hornet.rus.uni-stuttgart.de>

For mail, there never was a uniqueness constraint on message IDs.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-02-28 16:31 ` Florian Weimer
@ 2001-02-28 16:38   ` Paul Jarc
  2001-03-01 21:39     ` Florian Weimer
  2001-02-28 18:35   ` Toby Speight
                     ` (3 subsequent siblings)
  4 siblings, 1 reply; 32+ messages in thread
From: Paul Jarc @ 2001-02-28 16:38 UTC (permalink / raw)


Florian Weimer <fw@deneb.enyo.de> writes:
> For mail, there never was a uniqueness constraint on message IDs.

I'm not sure what you mean, but RFC822 4.6.1 says "The uniqueness of
the message identifier is guaranteed by the host which generates it."


paul



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-02-28 16:31 ` Florian Weimer
  2001-02-28 16:38   ` Paul Jarc
@ 2001-02-28 18:35   ` Toby Speight
  2001-02-28 20:09   ` Kai Großjohann
                     ` (2 subsequent siblings)
  4 siblings, 0 replies; 32+ messages in thread
From: Toby Speight @ 2001-02-28 18:35 UTC (permalink / raw)


0> In article <87n1b6rcq9.fsf@deneb.enyo.de>,
0> Florian Weimer <URL:mailto:fw@deneb.enyo.de> ("Florian") wrote:

Florian> Toby Speight <streapadair@gmx.net> writes:

>> With all this talk on how to generate message-ID values and ensure
>> their uniqueness, it's long been my opinion that the Right Way to do
>> this is to have a well-known MessageId service.  Connect to the
>> assigned port on any server (perhaps even localhost), tell it how
>> many ids you want, read them in, and go away until you've used them
>> all.

Florian> There's already such a service built into recent versions of INN:
Florian>
Florian> | 200 cert.uni-stuttgart.de InterNetNews NNRP server INN 2.3.0 ready (posting ok).
Florian> | post
Florian> | 340 Ok, recommended ID <97j88b$o6$1@hornet.rus.uni-stuttgart.de>

Has anyone written code to enable Gnus to take advantage of this?



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-02-28 16:31 ` Florian Weimer
  2001-02-28 16:38   ` Paul Jarc
  2001-02-28 18:35   ` Toby Speight
@ 2001-02-28 20:09   ` Kai Großjohann
  2001-03-01  3:12     ` Russ Allbery
  2001-03-01 14:24   ` Chris Shenton
  2001-12-31  2:37   ` Lars Magne Ingebrigtsen
  4 siblings, 1 reply; 32+ messages in thread
From: Kai Großjohann @ 2001-02-28 20:09 UTC (permalink / raw)
  Cc: ding

On 28 Feb 2001, Florian Weimer wrote:

> There's already such a service built into recent versions of INN:
> 
> | 200 cert.uni-stuttgart.de InterNetNews NNRP server INN 2.3.0 ready
> | (posting ok).  post 340 Ok, recommended ID
> | <97j88b$o6$1@hornet.rus.uni-stuttgart.de>
> 
> For mail, there never was a uniqueness constraint on message IDs.

The problem is that Gnus needs to know the msg id before sending, so
that the mail and news and Gcc copies can all have the same msg id.

Hm.

Of course, if posting and mailing, it could try to post, first.  Hm.

kai
-- 
Be indiscrete.  Do it continuously.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-02-28 20:09   ` Kai Großjohann
@ 2001-03-01  3:12     ` Russ Allbery
  0 siblings, 0 replies; 32+ messages in thread
From: Russ Allbery @ 2001-03-01  3:12 UTC (permalink / raw)


Kai Großjohann <Kai.Grossjohann@CS.Uni-Dortmund.DE> writes:

> The problem is that Gnus needs to know the msg id before sending, so
> that the mail and news and Gcc copies can all have the same msg id.

> Hm.

> Of course, if posting and mailing, it could try to post, first.  Hm.

It would be downright trivial to add a command to return a message ID to
the NNTP protocol, although of course that wouldn't help with existing
servers until they upgraded and it should really go through the I-D
process at some point and become a real RFC so that it doesn't get lost in
the mess of other such extensions.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-02-28 16:31 ` Florian Weimer
                     ` (2 preceding siblings ...)
  2001-02-28 20:09   ` Kai Großjohann
@ 2001-03-01 14:24   ` Chris Shenton
  2001-03-01 14:51     ` Florian Weimer
  2001-03-01 15:17     ` Kai Großjohann
  2001-12-31  2:37   ` Lars Magne Ingebrigtsen
  4 siblings, 2 replies; 32+ messages in thread
From: Chris Shenton @ 2001-03-01 14:24 UTC (permalink / raw)
  Cc: ding

On 28 Feb 2001 17:31:10 +0100, Florian Weimer <fw@deneb.enyo.de> said:

Florian> Toby Speight <streapadair@gmx.net> writes:
>> With all this talk on how to generate message-ID values and ensure
>> their uniqueness, it's long been my opinion that the Right Way to
>> do this is to have a well-known MessageId service.  Connect to the
>> assigned port on any server (perhaps even localhost), tell it how
>> many ids you want, read them in, and go away until you've used them
>> all.

Florian> There's already such a service built into recent versions of
Florian> INN:

Florian> | 200 cert.uni-stuttgart.de InterNetNews NNRP server INN
Florian> 2.3.0 ready (posting ok).  | post | 340 Ok, recommended ID
Florian> <97j88b$o6$1@hornet.rus.uni-stuttgart.de>

I'd really like the messageId to NOT contain my host, domain, or other
identifying information.  The layout of my LAN systems should be
private, and I don't want spammers harvesting this info.

Any reason it can't be related to a crypto-generated blob based on
maybe UNIX time + hash of machine  name + PID + ... ?

Yours in paranoia...



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 14:24   ` Chris Shenton
@ 2001-03-01 14:51     ` Florian Weimer
  2001-03-01 22:52       ` Harry Putnam
  2001-03-01 15:17     ` Kai Großjohann
  1 sibling, 1 reply; 32+ messages in thread
From: Florian Weimer @ 2001-03-01 14:51 UTC (permalink / raw)
  Cc: ding

Chris Shenton <cshenton@OutBounderInc.com> writes:

> I'd really like the messageId to NOT contain my host, domain, or other
> identifying information.  The layout of my LAN systems should be
> private, and I don't want spammers harvesting this info.

Spammers aren't interested in your network structure. In addition,
other headers leak much, much more information.

> Any reason it can't be related to a crypto-generated blob based on
> maybe UNIX time + hash of machine  name + PID + ... ?

Paranoia?  This isn't much entropy...

> Yours in paranoia...

;-)



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 14:24   ` Chris Shenton
  2001-03-01 14:51     ` Florian Weimer
@ 2001-03-01 15:17     ` Kai Großjohann
  2001-03-01 22:05       ` David A. Cobb
  1 sibling, 1 reply; 32+ messages in thread
From: Kai Großjohann @ 2001-03-01 15:17 UTC (permalink / raw)
  Cc: Florian Weimer, ding

On 01 Mar 2001, Chris Shenton wrote:

> I'd really like the messageId to NOT contain my host, domain, or
> other identifying information.  The layout of my LAN systems should
> be private, and I don't want spammers harvesting this info.

The msgid does not need to be the DNS FQDN of your host.  If the host
master of the frob.org domain tells you that you can use the right
hand side `chris.msgid.frob.org' for your messages, and that uniquely
identifies your host, then you can do that.

Since you have your own domain, you appear to be your own host master,
so I'm sure you can find a rhs that you can use.

If you give every user their own rhs, you can completely hide the
network structure.  And you can have your MTA bounce or drop mails
sent to such hosts.

kai
-- 
Be indiscrete.  Do it continuously.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-02-28 16:38   ` Paul Jarc
@ 2001-03-01 21:39     ` Florian Weimer
  2001-03-01 22:46       ` Paul Jarc
  2001-03-03 10:45       ` Per Abrahamsen
  0 siblings, 2 replies; 32+ messages in thread
From: Florian Weimer @ 2001-03-01 21:39 UTC (permalink / raw)


prj@po.cwru.edu (Paul Jarc) writes:

> Florian Weimer <fw@deneb.enyo.de> writes:
> > For mail, there never was a uniqueness constraint on message IDs.
> 
> I'm not sure what you mean, but RFC822 4.6.1 says "The uniqueness of
> the message identifier is guaranteed by the host which generates it."

Hardly anybody relies on the uniqueness of message IDs.  Messages
without IDs are even transported by most MTAs.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 15:17     ` Kai Großjohann
@ 2001-03-01 22:05       ` David A. Cobb
  2001-03-01 22:38         ` Stainless Steel Rat
  0 siblings, 1 reply; 32+ messages in thread
From: David A. Cobb @ 2001-03-01 22:05 UTC (permalink / raw)
  Cc: Chris Shenton, Florian Weimer, ding

Taking a clue from a different source, I believe the OMG - CORBA folk have
a scheme for generating unique ID's that folds your 60-bit NIC number
(which the mfgr's guarentee to be unique), the current UTC, and maybe
something else just for fun.  Now, a mail-message is clearly an
<<object>>!   So, given about a 128-bit number generated by such an
algorithm and encoding it Mod64 generates a string that isn't so long it's
impossible and enough numbers to last for a little while.

For security purposes, one might want a number including your NIC# run
through some sort of one-way hash, but that might destroy the uniqueness
property.  Some network guru, chime in here please with what damage - if
any - a bad guy could do if he knew my NIC#.  CORBA must have dealt with
the same security issues.

A "nice" feature might be putting the UTC in the most-significant
postition so that messages in message-id sequence are more or less
chronological.  The downside is that PC clocks, especially, are sometimes
pure fiction.  I have mail in my inbox now that has not been written yet
for months, if the originator's time stamp were to be believed.

I send my mail via an SMTP server at my ISP.  The ISP responds by telling
me the ID she has assigned to it.  I have no clue what her scheme is.

Kai Großjohann wrote:

> On 01 Mar 2001, Chris Shenton wrote:
>
> > I'd really like the messageId to NOT contain my host, domain, or
> > other identifying information.  The layout of my LAN systems should
> > be private, and I don't want spammers harvesting this info.
>
> The msgid does not need to be the DNS FQDN of your host.  If the host
> master of the frob.org domain tells you that you can use the right
> hand side `chris.msgid.frob.org' for your messages, and that uniquely
> identifies your host, then you can do that.
>
> Since you have your own domain, you appear to be your own host master,
> so I'm sure you can find a rhs that you can use.
>
> If you give every user their own rhs, you can completely hide the
> network structure.  And you can have your MTA bounce or drop mails
> sent to such hosts.
>
> kai
> --
> Be indiscrete.  Do it continuously.

--
David A. Cobb, The Superbiskit !
Software Engineer, Public Access Advocate, All around nice guy.
Get my PGP key at
:<http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=superbiskit>
Fingerprint=0x{6E3E DB8C 2E8C 4248 62B2  FE29 08EE CF0A 3629 E954}
"By God's Grace I am a Christian man, by my actions a great sinner."
--The Way of a Pilgrim, R. M. French [tr.]
<---.----!----.----!----.----!----.----!----.----!----.----!----.---->





^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 22:05       ` David A. Cobb
@ 2001-03-01 22:38         ` Stainless Steel Rat
  2001-03-01 22:55           ` David A. Cobb
  0 siblings, 1 reply; 32+ messages in thread
From: Stainless Steel Rat @ 2001-03-01 22:38 UTC (permalink / raw)


* "David A. Cobb" <superbiskit@home.com>  on Thu, 01 Mar 2001
| Taking a clue from a different source, I believe the OMG - CORBA folk
| have a scheme for generating unique ID's that folds your 60-bit NIC
| number (which the mfgr's guarentee to be unique), the current UTC, and
| maybe something else just for fun.

Not so useful for non-Ethernet media.  Token Ring NICs use bewteen 32 and
48 bits for MAC addresses.  SLIP, PPP and PLIP have no MAC addresses to
speak of, so this idea totally fails for them.  I don't know what fibre
channel uses off-hand.  And there is the problem that modulo "something
else just for fun" a multi-processor, single NIC machine is capable of
generating two or more identical IDs.  Besides, there is functionally no
difference between using system-name and the MAC address.

| Now, a mail-message is clearly an <<object>>!

... you say that like it's a good thing.

| So, given about a 128-bit number generated by such an algorithm and
| encoding it Mod64 generates a string that isn't so long it's impossible
| and enough numbers to last for a little while.

And how do you propose to generate those 128-bit numbers and gurarantee
their uniqueness, when you can't even guarantee that you can generate those
numbers?

| For security purposes, one might want a number including your NIC#

Assuming you have one.

| run through some sort of one-way hash, but that might destroy the
| uniqueness property.

Except that good hash algorithms don't do that.

| Some network guru, chime in here please with what damage - if any - a bad
| guy could do if he knew my NIC#.  CORBA must have dealt with the same
| security issues.

Lessee... he could steal *all* of your network traffic if he is on the
same physical segment.
-- 
Rat <ratinox@peorth.gweep.net>    \ Happy Fun Ball may stick to certain types
Minion of Nathan - Nathan says Hi! \ of skin.
PGP Key: at a key server near you!  \ 




^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 21:39     ` Florian Weimer
@ 2001-03-01 22:46       ` Paul Jarc
  2001-03-02 10:34         ` Florian Weimer
  2001-03-03 10:45       ` Per Abrahamsen
  1 sibling, 1 reply; 32+ messages in thread
From: Paul Jarc @ 2001-03-01 22:46 UTC (permalink / raw)


Florian Weimer <fw@deneb.enyo.de> writes:
> Hardly anybody relies on the uniqueness of message IDs.  Messages
> without IDs are even transported by most MTAs.

All threading, if nothing else, depends on the uniqueness of
Message-IDs.  Transports don't do threading, but so what?


paul



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 14:51     ` Florian Weimer
@ 2001-03-01 22:52       ` Harry Putnam
  2001-03-02 10:35         ` Florian Weimer
  0 siblings, 1 reply; 32+ messages in thread
From: Harry Putnam @ 2001-03-01 22:52 UTC (permalink / raw)


Florian Weimer <fw@deneb.enyo.de> writes:

> Spammers aren't interested in your network structure. In addition,
> other headers leak much, much more information.

What headers leak information about the internal network when you go
thru an IPmasquerade box?



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 22:38         ` Stainless Steel Rat
@ 2001-03-01 22:55           ` David A. Cobb
  2001-03-02  0:52             ` Stainless Steel Rat
  0 siblings, 1 reply; 32+ messages in thread
From: David A. Cobb @ 2001-03-01 22:55 UTC (permalink / raw)
  Cc: (ding)

Stainless Steel Rat wrote:

> * "David A. Cobb" <superbiskit@home.com>  on Thu, 01 Mar 2001
> | Taking a clue from a different source, I believe the OMG - CORBA folk
> | have a scheme for generating unique ID's that folds your 60-bit NIC
> | number (which the mfgr's guarentee to be unique), the current UTC, and
> | maybe something else just for fun.
>
> Not so useful for non-Ethernet media.  Token Ring NICs use bewteen 32 and
> 48 bits for MAC addresses.  SLIP, PPP and PLIP have no MAC addresses to
> speak of, so this idea totally fails for them.  I don't know what fibre
> channel uses off-hand.  And there is the problem that modulo "something
> else just for fun" a multi-processor, single NIC machine is capable of
> generating two or more identical IDs.  Besides, there is functionally no
> difference between using system-name and the MAC address.
>
> | Now, a mail-message is clearly an <<object>>!
>
> ... you say that like it's a good thing.

I'm not sure!  It's about like saying every boson in the universe is an object.
So what!  How many bits do we need to count all of them?

>
>
> | So, given about a 128-bit number generated by such an algorithm and
> | encoding it Mod64 generates a string that isn't so long it's impossible
> | and enough numbers to last for a little while.
>
> And how do you propose to generate those 128-bit numbers and gurarantee
> their uniqueness, when you can't even guarantee that you can generate those
> numbers?

Once we agree on how do I uniquely identify ME, this reduces to my being
responsible for the uniqueness of the ID's of things (messages, resources, etc)
which I generate.  That's the basic "I name my own children" notion.  [Works for
most folk excepting George Forman.]  Now, if I start with my local approximation
of UTC - I think about 64 bits would count the milliseconds in the age of the
universe, I only need to add "something else just for fun" when I generate more
than one thing in a millisecond - not easy for me but my digital assistant under
my fingertips here can do many many provided they aren't too big or complex.

Hey, it's just more bits!  IPv6 addresses are 128-bits, maybe we add another
128-bits for the objects created at a given address.  I isn't totally
unmanagable.

>
>
> | For security purposes, one might want a number including your NIC#
>
> Assuming you have one.
>
> | run through some sort of one-way hash, but that might destroy the
> | uniqueness property.
>
> Except that good hash algorithms don't do that.
>
> | Some network guru, chime in here please with what damage - if any - a bad
> | guy could do if he knew my NIC#.  CORBA must have dealt with the same
> | security issues.
>
> Lessee... he could steal *all* of your network traffic if he is on the
> same physical segment.

Aha!  Yes, that could be a problem.
Did I get the CORBA scheme right?  This thing on my shoulders has lots of "senior
moments" these days.

>
> --
> Rat <ratinox@peorth.gweep.net>    \ Happy Fun Ball may stick to certain types
> Minion of Nathan - Nathan says Hi! \ of skin.
> PGP Key: at a key server near you!  \

--
David A. Cobb, The Superbiskit !
Software Engineer, Public Access Advocate, All around nice guy.
Get my PGP key at
:<http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=superbiskit>
Fingerprint=0x{6E3E DB8C 2E8C 4248 62B2  FE29 08EE CF0A 3629 E954}
"By God's Grace I am a Christian man, by my actions a great sinner."
--The Way of a Pilgrim, R. M. French [tr.]
<---.----!----.----!----.----!----.----!----.----!----.----!----.---->





^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 22:55           ` David A. Cobb
@ 2001-03-02  0:52             ` Stainless Steel Rat
  2001-03-02 14:35               ` Toby Speight
  2001-03-02 16:43               ` David A. Cobb
  0 siblings, 2 replies; 32+ messages in thread
From: Stainless Steel Rat @ 2001-03-02  0:52 UTC (permalink / raw)


* "David A. Cobb" <superbiskit@home.com>  on Thu, 01 Mar 2001
| I'm not sure!  It's about like saying every boson in the universe is an
| object.  So what!  How many bits do we need to count all of them?

More that the idea of treating every bit of information as an object for
all purpose as a panacea is not a good idea.

[...]
| Once we agree on how do I uniquely identify ME,

The fully-qualified domain name of a host is required to be unique.  If it
is not then the host is misconfigured.  Your login on that host is also
required to be unique.  If it is not then accounts are improperly managed.
The time you send a message from a host is close to unique; that run
through MD4 or MD5 along with some random data will be unique.  If you put
them all together you get a very high probability unique identifier,
barring someone deliberately attempting to duplicate it.

Wait... Gnus already does most of that.  I'm not sure if it does the hash
(time + random) bit or just hash (time).

If you insist on going overboard, mash the whole message through MD5 and
use that as the Message-ID string or part of it.

I dunnow about CORBA's security, or lack thereof.  It really isn't an issue
here.  Message-ID is was never intended to be "secure".
-- 
Rat <ratinox@peorth.gweep.net>    \ Do not taunt Happy Fun Ball.
Minion of Nathan - Nathan says Hi! \ 
PGP Key: at a key server near you!  \ 



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 22:46       ` Paul Jarc
@ 2001-03-02 10:34         ` Florian Weimer
  2001-03-02 15:03           ` Paul Jarc
  0 siblings, 1 reply; 32+ messages in thread
From: Florian Weimer @ 2001-03-02 10:34 UTC (permalink / raw)


prj@po.cwru.edu (Paul Jarc) writes:

> Florian Weimer <fw@deneb.enyo.de> writes:
> > Hardly anybody relies on the uniqueness of message IDs.  Messages
> > without IDs are even transported by most MTAs.
> 
> All threading, if nothing else, depends on the uniqueness of
> Message-IDs.  Transports don't do threading, but so what?

Face it, there are lots of mail clients which do not support
threading, especially groupware solutions.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 22:52       ` Harry Putnam
@ 2001-03-02 10:35         ` Florian Weimer
  0 siblings, 0 replies; 32+ messages in thread
From: Florian Weimer @ 2001-03-02 10:35 UTC (permalink / raw)


Harry Putnam <reader@newsguy.com> writes:

> Florian Weimer <fw@deneb.enyo.de> writes:
> 
> > Spammers aren't interested in your network structure. In addition,
> > other headers leak much, much more information.
> 
> What headers leak information about the internal network when you go
> thru an IPmasquerade box?

It depends on the structure of the network.  I do use IP masquerading,
but my email headers contain a wealth of information about by network.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-02  0:52             ` Stainless Steel Rat
@ 2001-03-02 14:35               ` Toby Speight
  2001-03-02 15:41                 ` Stainless Steel Rat
                                   ` (2 more replies)
  2001-03-02 16:43               ` David A. Cobb
  1 sibling, 3 replies; 32+ messages in thread
From: Toby Speight @ 2001-03-02 14:35 UTC (permalink / raw)


0> In article <m3y9updmbf.fsf@peorth.gweep.net>,
0> Stainless Steel Rat <URL:mailto:ratinox@peorth.gweep.net> ("Rat") wrote:

Rat> The fully-qualified domain name of a host is required to be
Rat> unique.  If it is not then the host is misconfigured.

Only for Internet-connected systems.  I'm not convinced that the above
is true for indirectly accessible hosts on a (e.g.) NAT network with a
private internal DNS.  Isn't there a reserved domain for private naming
analogous to 10.* IP numbers?



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-02 10:34         ` Florian Weimer
@ 2001-03-02 15:03           ` Paul Jarc
  0 siblings, 0 replies; 32+ messages in thread
From: Paul Jarc @ 2001-03-02 15:03 UTC (permalink / raw)


Florian Weimer <fw@deneb.enyo.de> writes:
> prj@po.cwru.edu (Paul Jarc) writes:
> > Florian Weimer <fw@deneb.enyo.de> writes:
> > > Hardly anybody relies on the uniqueness of message IDs.  Messages
> > > without IDs are even transported by most MTAs.
> > 
> > All threading, if nothing else, depends on the uniqueness of
> > Message-IDs.  Transports don't do threading, but so what?
> 
> Face it, there are lots of mail clients which do not support
> threading, especially groupware solutions.

So?  The existence of those that don't use Message-ID says nothing
about those that do.


paul



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-02 14:35               ` Toby Speight
@ 2001-03-02 15:41                 ` Stainless Steel Rat
  2001-03-02 15:53                 ` Paul Jarc
  2001-03-02 16:18                 ` Simon Josefsson
  2 siblings, 0 replies; 32+ messages in thread
From: Stainless Steel Rat @ 2001-03-02 15:41 UTC (permalink / raw)


* Toby Speight <streapadair@gmx.net>  on Fri, 02 Mar 2001
| Only for Internet-connected systems.  I'm not convinced that the above
| is true for indirectly accessible hosts on a (e.g.) NAT network with a
| private internal DNS.  Isn't there a reserved domain for private naming
| analogous to 10.* IP numbers?

Tangental argument, and probably irrelevant.  Even if you are firewalled
you should not be using someone else's domain name inside your firewall.
If you cannot see why it is bad, imagine if you happen to have "sun.com" as
your internal domain.  Now you are unable to talk to real sun.com hosts.

Also, since you are talking to external hosts the responsibility is yours
to ensure that your systems correctly identify themselves to those hosts.

What that means is that if your host at gmx.net is firewalled it should
still identify itself as "gmx.net" or "foo.gmx.net" where names and IPs are
not masqeraded by the gateway.

In other words, being behind a firewall is no excuse for not playing by the
rules.
-- 
Rat <ratinox@peorth.gweep.net>    \ Do not taunt Happy Fun Ball.
Minion of Nathan - Nathan says Hi! \ 
PGP Key: at a key server near you!  \ 




^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-02 14:35               ` Toby Speight
  2001-03-02 15:41                 ` Stainless Steel Rat
@ 2001-03-02 15:53                 ` Paul Jarc
  2001-03-02 16:18                 ` Simon Josefsson
  2 siblings, 0 replies; 32+ messages in thread
From: Paul Jarc @ 2001-03-02 15:53 UTC (permalink / raw)


Toby Speight <streapadair@gmx.net> writes:
> Isn't there a reserved domain for private naming analogous to 10.*
> IP numbers?

Nope.  example.{com,net,org}. are reserved for use as examples, but
not for use on non-Internet networks.  localhost. is reserved for use
as a name of the local host, but using foo.localhost. may not be such
a great idea.  local. is used in some RFCs in examples to refer to a
domain not on the Internet, but no RFC actually reserves it for that
use.  You could use foo.10.in-addr.arpa., maybe, but there are
probably some things that would break on that.


paul



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-02 14:35               ` Toby Speight
  2001-03-02 15:41                 ` Stainless Steel Rat
  2001-03-02 15:53                 ` Paul Jarc
@ 2001-03-02 16:18                 ` Simon Josefsson
  2 siblings, 0 replies; 32+ messages in thread
From: Simon Josefsson @ 2001-03-02 16:18 UTC (permalink / raw)
  Cc: ding

Toby Speight <streapadair@gmx.net> writes:

> private internal DNS.  Isn't there a reserved domain for private naming
> analogous to 10.* IP numbers?

Only <URL:http://search.ietf.org/internet-drafts/draft-coffeystrain-dnsext-
privatednstld-00.txt> AFAIK.




^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-02  0:52             ` Stainless Steel Rat
  2001-03-02 14:35               ` Toby Speight
@ 2001-03-02 16:43               ` David A. Cobb
  2001-03-02 17:38                 ` Stainless Steel Rat
  1 sibling, 1 reply; 32+ messages in thread
From: David A. Cobb @ 2001-03-02 16:43 UTC (permalink / raw)
  Cc: (ding)

Stainless Steel Rat wrote:

> * "David A. Cobb" <superbiskit@home.com>  on Thu, 01 Mar 2001
> | I'm not sure!  It's about like saying every boson in the universe is an
> | object.  So what!  How many bits do we need to count all of them?
>
> More that the idea of treating every bit of information as an object for
> all purpose as a panacea is not a good idea.

Hey, it's the in thing.

>
>
> [...]
> | Once we agree on how do I uniquely identify ME,
>
> The fully-qualified domain name of a host is required to be unique.  If it
> is not then the host is misconfigured.  Your login on that host is also
> required to be unique.  If it is not then accounts are improperly managed.
> The time you send a message from a host is close to unique; that run
> through MD4 or MD5 along with some random data will be unique.  If you put
> them all together you get a very high probability unique identifier,
> barring someone deliberately attempting to duplicate it.

Simplify: my "mailto: URI" had better be unique, or my mail won't reach me and
I won't give a rat's <U-no> whether it's identified, uniquely or otherwise.
 So: "G20010302T165500.0000Z!Superbiskit@Home.com"

I am not, personally, concerned about those who wish to send mail without
divulging their identity.

If security of some message id is really a problem then put something like
Message-ID: #SECURE#
in the plain-text headers and bury the real ID inside the encryped part.

Traffic like that should be moving through tunnels anyhow.

>
>
> Wait... Gnus already does most of that.  I'm not sure if it does the hash
> (time + random) bit or just hash (time).
>
> If you insist on going overboard, mash the whole message through MD5 and
> use that as the Message-ID string or part of it.
>
> I dunnow about CORBA's security, or lack thereof.  It really isn't an issue
> here.  Message-ID is was never intended to be "secure".
> --
> Rat <ratinox@peorth.gweep.net>    \ Do not taunt Happy Fun Ball.
> Minion of Nathan - Nathan says Hi! \
> PGP Key: at a key server near you!  \

--
David A. Cobb, The Superbiskit !
Software Engineer, Public Access Advocate, All around nice guy.
Get my PGP key at
:<http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=superbiskit>
Fingerprint=0x{6E3E DB8C 2E8C 4248 62B2  FE29 08EE CF0A 3629 E954}
"By God's Grace I am a Christian man, by my actions a great sinner."
--The Way of a Pilgrim, R. M. French [tr.]
<---.----!----.----!----.----!----.----!----.----!----.----!----.---->





^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-02 16:43               ` David A. Cobb
@ 2001-03-02 17:38                 ` Stainless Steel Rat
  2001-03-03  3:44                   ` David A. Cobb
  0 siblings, 1 reply; 32+ messages in thread
From: Stainless Steel Rat @ 2001-03-02 17:38 UTC (permalink / raw)


* "David A. Cobb" <superbiskit@home.com>  on Fri, 02 Mar 2001
| Hey, it's the in thing.

So is Java and it can be used for everything, right?
Just because it is in and hip and cool and stuff does not make it the best
way to do everything.

| Simplify: my "mailto: URI" had better be unique, or my mail won't reach
| me and I won't give a rat's <U-no> whether it's identified, uniquely or
| otherwise.
|  So: "G20010302T165500.0000Z!Superbiskit@Home.com"

No more or less valid than what my firewall at work does:
<01Mar2.104434est.115296@gateway.intersys.com>
But it is harder to calculate, especially given that Emacs really has no
good way of looking for MAC addresses.
-- 
Rat <ratinox@peorth.gweep.net>    \ If Happy Fun Ball begins to smoke, get
Minion of Nathan - Nathan says Hi! \ away immediately. Seek shelter and cover
PGP Key: at a key server near you!  \ head.




^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-02 17:38                 ` Stainless Steel Rat
@ 2001-03-03  3:44                   ` David A. Cobb
  0 siblings, 0 replies; 32+ messages in thread
From: David A. Cobb @ 2001-03-03  3:44 UTC (permalink / raw)
  Cc: (ding)

Stainless Steel Rat wrote:

> * "David A. Cobb" <superbiskit@home.com>  on Fri, 02 Mar 2001
> | Hey, it's the in thing.
>
> So is Java and it can be used for everything, right?
> Just because it is in and hip and cool and stuff does not make it the best
> way to do everything.

No, ELisp is the way to do everything, and do it all in one place ! ;-}

>
>
> | Simplify: my "mailto: URI" had better be unique, or my mail won't reach
> | me and I won't give a rat's <U-no> whether it's identified, uniquely or
> | otherwise.
> |  So: "G20010302T165500.0000Z!Superbiskit@Home.com"
>
> No more or less valid than what my firewall at work does:
> <01Mar2.104434est.115296@gateway.intersys.com>
> But it is harder to calculate, especially given that Emacs really has no
> good way of looking for MAC addresses.

Just like your firewall, read that as "Gregorian" 2001 03 01, etc.  Gnus could do
that quite easily!  But for those of us with an ISP as gateway I'm not sure any
ID we give a message will "take."  I think At-Home will stick its own on it
anyway.  I'll need to do some testing !

>
> --
> Rat <ratinox@peorth.gweep.net>    \ If Happy Fun Ball begins to smoke, get
> Minion of Nathan - Nathan says Hi! \ away immediately. Seek shelter and cover
> PGP Key: at a key server near you!  \ head.

--
David A. Cobb, The Superbiskit !
Software Engineer, Public Access Advocate, All around nice guy.
Get my PGP key at
:<http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=superbiskit>
Fingerprint=0x{6E3E DB8C 2E8C 4248 62B2  FE29 08EE CF0A 3629 E954}
"By God's Grace I am a Christian man, by my actions a great sinner."
--The Way of a Pilgrim, R. M. French [tr.]
<---.----!----.----!----.----!----.----!----.----!----.----!----.---->





^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-01 21:39     ` Florian Weimer
  2001-03-01 22:46       ` Paul Jarc
@ 2001-03-03 10:45       ` Per Abrahamsen
  2001-03-11 14:20         ` Florian Weimer
  1 sibling, 1 reply; 32+ messages in thread
From: Per Abrahamsen @ 2001-03-03 10:45 UTC (permalink / raw)


Florian Weimer <fw@deneb.enyo.de> writes:

> prj@po.cwru.edu (Paul Jarc) writes:
> 
> > Florian Weimer <fw@deneb.enyo.de> writes:
> > > For mail, there never was a uniqueness constraint on message IDs.
> > 
> > I'm not sure what you mean, but RFC822 4.6.1 says "The uniqueness of
> > the message identifier is guaranteed by the host which generates it."
> 
> Hardly anybody relies on the uniqueness of message IDs.  

How is that relevant?

I do, anyway, since I use the message-id for sorting away duplicates.
Someone else mentioned threading, and mail-to-news gateways also rely
on the uniqueness of the mail message-id.

> Messages without IDs are even transported by most MTAs.

I believe sendmail adds one if it is missing.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-03 10:45       ` Per Abrahamsen
@ 2001-03-11 14:20         ` Florian Weimer
  2001-03-11 15:09           ` Kai Großjohann
  2001-03-11 15:10           ` Per Abrahamsen
  0 siblings, 2 replies; 32+ messages in thread
From: Florian Weimer @ 2001-03-11 14:20 UTC (permalink / raw)


Per Abrahamsen <abraham@dina.kvl.dk> writes:

> I do, anyway, since I use the message-id for sorting away duplicates.
> Someone else mentioned threading, and mail-to-news gateways also rely
> on the uniqueness of the mail message-id.

But message IDs are *not unique* for mail messages.  As soon as you
crosspost a message to two mailing lists, there are at least two
copies of the same message being distributed with different headers.


^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-11 14:20         ` Florian Weimer
@ 2001-03-11 15:09           ` Kai Großjohann
  2001-03-11 15:10           ` Per Abrahamsen
  1 sibling, 0 replies; 32+ messages in thread
From: Kai Großjohann @ 2001-03-11 15:09 UTC (permalink / raw)
  Cc: ding

On 11 Mar 2001, Florian Weimer wrote:

> But message IDs are *not unique* for mail messages.  As soon as you
> crosspost a message to two mailing lists, there are at least two
> copies of the same message being distributed with different headers.

Then every news message violates the uniqueness constraint, too.
Every news server which sees the message frobs the Path header.

And if you send a mail message to two people, the Received headers
will be different.

Clearly, the Path and Received headers should not be considered
important when comparing two messages.

kai
-- 
Be indiscrete.  Do it continuously.


^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-03-11 14:20         ` Florian Weimer
  2001-03-11 15:09           ` Kai Großjohann
@ 2001-03-11 15:10           ` Per Abrahamsen
  1 sibling, 0 replies; 32+ messages in thread
From: Per Abrahamsen @ 2001-03-11 15:10 UTC (permalink / raw)


Florian Weimer <fw@deneb.enyo.de> writes:

> Per Abrahamsen <abraham@dina.kvl.dk> writes:
> 
> > I do, anyway, since I use the message-id for sorting away duplicates.
> > Someone else mentioned threading, and mail-to-news gateways also rely
> > on the uniqueness of the mail message-id.
> 
> But message IDs are *not unique* for mail messages.  As soon as you
> crosspost a message to two mailing lists, there are at least two
> copies of the same message being distributed with different headers.

That's just semantics on when a copy of a message is still "the same"
message as the original.  If we count changes in headers, the receiver
will never get "the same" message as the sender send, because of the
"Received:" header.  The exact same happens with news, the message you
post to a server will never be "the same" you read on the server,
because the server changes the "Path:" header.

I believe a definition of sameness that would make two copies of a
messages send to two mailing lists not "the same message" would be
both counter-intuitive and useless.  In generel, the automatic changes
made at the transport layer (this includes mailing list software) does
not make the copy a new message.

A formal definition would probably say that the (mail or news)
injection agent should add a new unique message-id if not already
present, and no other automatic agents may change the message-id.
This will give us a message-id that is the same for most messages that
are intuitively the same, and useful for software purposes.

The intuition will break if the user manually add the same message-id
to messages that are intuitively different.  In this case we can from
a software and standard point of view assume the user know what he
does (i.e. the two messages _should_ be treated like duplicates), and
if not, that it is his own fault.


^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-02-28 16:31 ` Florian Weimer
                     ` (3 preceding siblings ...)
  2001-03-01 14:24   ` Chris Shenton
@ 2001-12-31  2:37   ` Lars Magne Ingebrigtsen
  2002-01-02 23:24     ` Raymond Scholz
  4 siblings, 1 reply; 32+ messages in thread
From: Lars Magne Ingebrigtsen @ 2001-12-31  2:37 UTC (permalink / raw)


Florian Weimer <fw@deneb.enyo.de> writes:

> There's already such a service built into recent versions of INN:
>
> | 200 cert.uni-stuttgart.de InterNetNews NNRP server INN 2.3.0 ready (posting ok).
> | post
> | 340 Ok, recommended ID <97j88b$o6$1@hornet.rus.uni-stuttgart.de>

That's pretty cool, but it comes too late, really.  Gnus/Message needs
to know what Message-ID it's going to use, so that filed-away copies,
possible score files, mail copies (etc.) all get the same Message-ID.

Now, if INN had a command called "GIVE-ME-A-MESSAGE-ID", then Gnus
could use that.

-- 
(domestic pets only, the antidote for overdose, milk.)
   larsi@gnus.org * Lars Magne Ingebrigtsen



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: Thoughts on Message-ID generation
  2001-12-31  2:37   ` Lars Magne Ingebrigtsen
@ 2002-01-02 23:24     ` Raymond Scholz
  0 siblings, 0 replies; 32+ messages in thread
From: Raymond Scholz @ 2002-01-02 23:24 UTC (permalink / raw)


Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Now, if INN had a command called "GIVE-ME-A-MESSAGE-ID", then Gnus
> could use that.

This may work but it should be considered harmful, me thinks.

,----
| post
| 340 Ok, recommended ID <hk401a.787.ln@mde1.zonix.de>
| .
| 441 From: header missing, article not posted
`----

Cheers, Ray
-- 
http://www.zonix.de/ - (c) 2000 by Yamtaijika Corp.



^ permalink raw reply	[flat|nested] 32+ messages in thread

end of thread, other threads:[~2002-01-02 23:24 UTC | newest]

Thread overview: 32+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-02-28 16:05 Thoughts on Message-ID generation Toby Speight
2001-02-28 16:31 ` Florian Weimer
2001-02-28 16:38   ` Paul Jarc
2001-03-01 21:39     ` Florian Weimer
2001-03-01 22:46       ` Paul Jarc
2001-03-02 10:34         ` Florian Weimer
2001-03-02 15:03           ` Paul Jarc
2001-03-03 10:45       ` Per Abrahamsen
2001-03-11 14:20         ` Florian Weimer
2001-03-11 15:09           ` Kai Großjohann
2001-03-11 15:10           ` Per Abrahamsen
2001-02-28 18:35   ` Toby Speight
2001-02-28 20:09   ` Kai Großjohann
2001-03-01  3:12     ` Russ Allbery
2001-03-01 14:24   ` Chris Shenton
2001-03-01 14:51     ` Florian Weimer
2001-03-01 22:52       ` Harry Putnam
2001-03-02 10:35         ` Florian Weimer
2001-03-01 15:17     ` Kai Großjohann
2001-03-01 22:05       ` David A. Cobb
2001-03-01 22:38         ` Stainless Steel Rat
2001-03-01 22:55           ` David A. Cobb
2001-03-02  0:52             ` Stainless Steel Rat
2001-03-02 14:35               ` Toby Speight
2001-03-02 15:41                 ` Stainless Steel Rat
2001-03-02 15:53                 ` Paul Jarc
2001-03-02 16:18                 ` Simon Josefsson
2001-03-02 16:43               ` David A. Cobb
2001-03-02 17:38                 ` Stainless Steel Rat
2001-03-03  3:44                   ` David A. Cobb
2001-12-31  2:37   ` Lars Magne Ingebrigtsen
2002-01-02 23:24     ` Raymond Scholz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).