Re: From: abuse

john@math.nwu.edu (John Franks)
Errors-To: secret@www0.cern.ch
Date: Wed, 9 Feb 1994 22:00:48 --100
Message-id: <9402092052.AA17990@hopf.math.nwu.edu>
Errors-To: secret@www0.cern.ch
Reply-To: www-talk@www0.cern.ch
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: john@math.nwu.edu (John Franks)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: From: abuse
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 1054
According to Archie Warnock:
> 
> So Rob McCool sez to me:
> > I think we need to change this section to read that From: is to be used for
> > logging purposes only, and strike the mention of insecure form of access
> > protection and the section on the person given accepting responsibility for
> > the method performed. The only access protection this would provide is
> > applicable in such a limited context that the information in From: is not
> > useful for more than logging information anyway.
> 
> I agree.  I'm much more interested in clients that can (eventually)
> encrypt a paassword field in a document and send it to the server for
> validation than in ever suggesting that the From: field could be used
> for some sort of access control.  OTOH, I'd just love to have the server
> log that information - there are a number of cases where we could make
> use of user name information in our summary stats.

Which, if any, clients currently support the From: header?


John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu