On Sun, Mar 28, 2004 at 07:01:47PM -0800, Robert LeBlanc wrote:
# (2) When an item is revoked, is the full body of the item sent to # the Razor server, or just the hash/digest? If the mail happens to # contain sensitive or confidential information, I imagine most people # wouldn't want to have that sent and/or databased by Razor (and may # in fact have corporate policies that forbid such a thing). I # realize that the full body of *spam* messages are sent to the Razor # server, but is this also done with the revoke mechanism?
Depending on which implementation you're using, the client-side agent will first attempt to revoke the ``dre'' (default reporting engine) signature of the MIME part(s). If the system does not know about them, then it will respond with an ``err=230'', the "content required" error, and the client-side agent will then provide the content in full. In the common case, you're revoking something the system already knows about and thus the content never crosses the wire (a second time).
This presents a potentially troubling situation when p=0, though, does it not? If the mail is not known to Razor yet, you seem to be saying that the client submits the full body of the mail (even though in this case the mail was ham). If I'm trying to revoke something that Razor doesn't know about, shouldn't that lack of an existing signature be enough to cancel the rest of the revocation process?
This is really why I was asking the first question (about whether there was any harm in revoking all non-spam items). I've sorted my mail into two piles--confirmed spam and confirmed ham--and I've been using "report" on the confirmed spam, but I haven't been using "revoke" on the confirmed ham due to concerns about uploading sensitive material to Razor's servers (during the revoke process, not the report process). I'm aware that a mistaken report can be corrected with a matching revoke, and that's not my concern. I'm concerned that if I try to revoke something that isn't known to Razor yet (because it's in my pile of user-confirmed ham, to be revoked in a batch process) I'll end up transmitting the full body of that ham unnecessarily (and potentially contrary to organizational policy). Am I misunderstanding something?
Robert LeBlanc <[EMAIL PROTECTED]>
Renaissoft, Inc.
Maia Mailguard <http://www.renaissoft.com/maia/>
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Razor-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/razor-users
