Paul Hoffman wrote:
> Question (not a disagreement): Why wouldn't the later entry be
> dropped instead of the first one being flushed?
The order of entries is not significant for the subject attack. The
reason is that it is possible for an attacker to mount an "anticipatory"
attack by discovering and predicting the atom:ids that will be generated by
a publisher under attack. In the simplest case, the author under attack
might use an id generating method that distinguished between ids by simply
incrementing a counter. Thus, if you knew the id of the last item published,
you could generate a "blocking" entry that used what was probably going to
be the next id generated. The fake id would block "real" posts if the rule
was to always drop the second or later instance of an id. This permits the
attacker to impose a prior-restraint or anticipatory block against a
publisher.
Also, strict enforcement of this rule would make it virtually
impossible for a legitimate "update" to an entry to ever get propagated
through the system. In the case of legitimate updates, I'm sure people would
argue that the older entry should be dropped, not the newer one.
>At 5:05 PM +0100 4/27/05, Bill de h�ra wrote:
>>What will prevent people overwriting the atom:[EMAIL PROTECTED]'self']
>>links as well as the id?
> Seems like a good question. If someone is trying every avenue to
> erase an old entry, why wouldn't they try this as well?
This is answered in full in my previous email to the list.
Basically, the aggregator would have to verify the truth of the claim made
in the atom:[EMAIL PROTECTED]'self'] before republishing the entry. This is
cumbersome and expensive, but will often be possible.
bob wyman
