On 16 Jan 2005, at 9:38 am, David Powell wrote:

> Feed id's are optional, so software is likely to use the feed location
> to identify feeds. So if a user subscribes to a feed with a faked
> "self" link, then they will see the initial entries of the faked
> document, merged with future entries from the real feed, which could
> be used to misrepresent the author of the real feed.

The user would be trying to subscribe to my feed though, so it's equally likely they'll think I wrote the other person's entries. It's nothing you can't do with a HTTP redirect or a spoofed link. In any case I'd expect the aggregator to discard the content of the downloaded file and only use content downloaded from the "self" link. I don't know how other aggregators work, but in Shrook at least I'd have to make a deliberate effort to incorporate the contents of the file before switching to the linked feed.

Graham
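
The aggregator behaviour described in the reply above, as an added example that is not part of the original message and is not Shrook's code: when the downloaded document names a different "self" location, its entries are discarded and only the document served at that location is used. The Atom 1.0 namespace, the injected `fetch` callable, the helper names and the example.* URLs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

ATOM = "{http://www.w3.org/2005/Atom}"  # assumption: Atom 1.0 namespace

def parse(doc, base):
    """Return (absolute feed-level self href or None, list of entry titles)."""
    # ElementTree is enough for the constructed samples below; feeds from the
    # network are untrusted XML and call for a hardened parser.
    root = ET.fromstring(doc)
    href = next((l.get("href") for l in root.findall(ATOM + "link")
                 if l.get("rel") == "self" and l.get("href")), None)
    titles = [e.findtext(ATOM + "title") for e in root.findall(ATOM + "entry")]
    return (urljoin(base, href) if href else None), titles

def subscribe(url, fetch, max_hops=3):
    """Return (location, entries). Entries come only from the document that
    was actually served at the location the subscription is keyed on."""
    seen = set()
    for _ in range(max_hops + 1):
        seen.add(url)
        self_href, titles = parse(fetch(url), url)
        if self_href is None or self_href == url:
            return url, titles       # document agrees with where it was fetched
        if self_href in seen:
            raise ValueError("self links form a loop")
        url = self_href              # drop this document's entries, re-fetch
    raise ValueError("too many self-link hops")

def feed(self_href, *titles):
    """Build a minimal constructed Atom document for the demonstration."""
    entries = "".join(f"<entry><title>{t}</title></entry>" for t in titles)
    return ('<feed xmlns="http://www.w3.org/2005/Atom">'
            f'<link rel="self" href="{self_href}"/>{entries}</feed>')

# Constructed sample: FAKE claims REAL as its "self" location.
REAL = "https://real.example/atom.xml"
FAKE = "https://fake.example/atom.xml"
SAMPLE = {REAL: feed(REAL, "Real post"), FAKE: feed(REAL, "Forged post")}

if __name__ == "__main__":
    # The forged entry never reaches the subscription keyed on REAL.
    print(subscribe(FAKE, SAMPLE.__getitem__))
```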
