Re: From: abuse

warnock@Hypatia.gsfc.nasa.gov (Archie Warnock)
Errors-To: secret@www0.cern.ch
Date: Wed, 9 Feb 1994 21:43:16 --100
Message-id: <9402092028.AA04408@Hypatia.gsfc.nasa.gov>
Errors-To: secret@www0.cern.ch
Reply-To: www-talk@www0.cern.ch
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: warnock@Hypatia.gsfc.nasa.gov (Archie Warnock)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: From: abuse
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 1087
So Rob McCool sez to me:
> I think we need to change this section to read that From: is to be used for
> logging purposes only, and strike the mention of insecure form of access
> protection and the section on the person given accepting responsibility for
> the method performed. The only access protection this would provide is
> applicable in such a limited context that the information in From: is not
> useful for more than logging information anyway.

I agree.  I'm much more interested in clients that can (eventually)
encrypt a paassword field in a document and send it to the server for
validation than in ever suggesting that the From: field could be used
for some sort of access control.  OTOH, I'd just love to have the server
log that information - there are a number of cases where we could make
use of user name information in our summary stats.
_______________________________________________________________________
-- Archie Warnock              Internet:  Archie.Warnock@gsfc.nasa.gov
-- Hughes STX                  "WAIS is the engine, WWW is the track"
-- NASA/GSFC