Re: a DoS vulnerability associated with conflated Message-IDs?

Daniel Kahn Gillmor writes: > On Fri 2017-08-04 16:42:54 -0400, David Bremner wrote: >> Peter Wang writes: >> >>> On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor >>> wrote: notmuch currently treats all messages with the same Message-ID as the same message. I think this could

Re: a DoS vulnerability associated with conflated Message-IDs?

On Fri 2017-08-04 16:42:54 -0400, David Bremner wrote: > Peter Wang writes: > >> On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor >> wrote: >>> notmuch currently treats all messages with the same Message-ID as >>> the same message. I think this could be a vulnerability :( >>> >>> If two

Re: a DoS vulnerability associated with conflated Message-IDs?

Peter Wang writes: > On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor > wrote: >> notmuch currently treats all messages with the same Message-ID as >> the same message. I think this could be a vulnerability :( >> >> If two messages have the same Message-ID, is there a guarantee of whic

a DoS vulnerability associated with conflated Message-IDs?

On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor wrote: > notmuch currently treats all messages with the same Message-ID as > the same message. I think this could be a vulnerability :( > > If two messages have the same Message-ID, is there a guarantee of which > of these messages will be

Re: a DoS vulnerability associated with conflated Message-IDs?

On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor wrote: > notmuch currently treats all messages with the same Message-ID as > the same message. I think this could be a vulnerability :( > > If two messages have the same Message-ID, is there a guarantee of which > of these messages will be

a DoS vulnerability associated with conflated Message-IDs?

On Thu, 8 Mar 2012 10:38:32 -0700, Jeremy Nickurak wrote: > On Thu, Mar 8, 2012 at 10:16, Daniel Kahn Gillmor > wrote: > > Any other suggestions or ideas? > > What about representing the contents from both message in one apparent > message? > - ... > - If the bodies disagree, display both. We

Re: a DoS vulnerability associated with conflated Message-IDs?

On Thu, 8 Mar 2012 10:38:32 -0700, Jeremy Nickurak wrote: > On Thu, Mar 8, 2012 at 10:16, Daniel Kahn Gillmor > wrote: > > Any other suggestions or ideas? > > What about representing the contents from both message in one apparent > message? > - ... > - If the bodies disagree, display both. W

a DoS vulnerability associated with conflated Message-IDs?

On 03/08/2012 12:04 PM, James Vasile wrote: > On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor fifthhorseman.net> wrote: >> Any ideas on how to approach this? > > Treat messages with the same ID but different hashes as different? Given that a message hash would include all headers, includi

a DoS vulnerability associated with conflated Message-IDs?

On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor wrote: > Any ideas on how to approach this? Treat messages with the same ID but different hashes as different? -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature

a DoS vulnerability associated with conflated Message-IDs?

notmuch currently treats all messages with the same Message-ID as the same message. I think this could be a vulnerability :( If two messages have the same Message-ID, is there a guarantee of which of these messages will be produced during a notmuch show? Either way, it seems to create a potentia

a DoS vulnerability associated with conflated Message-IDs?

On Thu, Mar 8, 2012 at 10:16, Daniel Kahn Gillmor wrote: > Any other suggestions or ideas? What about representing the contents from both message in one apparent message? - Aggregate the headers together, perhaps? - Where headers disagree, display both - If the bodies disagree, display both.

Re: a DoS vulnerability associated with conflated Message-IDs?

On Thu, Mar 8, 2012 at 10:16, Daniel Kahn Gillmor wrote: > Any other suggestions or ideas? What about representing the contents from both message in one apparent message? - Aggregate the headers together, perhaps? - Where headers disagree, display both - If the bodies disagree, display both. __

Re: a DoS vulnerability associated with conflated Message-IDs?

On 03/08/2012 12:04 PM, James Vasile wrote: On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor wrote: Any ideas on how to approach this? Treat messages with the same ID but different hashes as different? Given that a message hash would include all headers, including Received: and oth

Re: a DoS vulnerability associated with conflated Message-IDs?

On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor wrote: > Any ideas on how to approach this? Treat messages with the same ID but different hashes as different? pgpjtq6bzoxfs.pgp Description: PGP signature ___ notmuch mailing list notmuch@notmu

a DoS vulnerability associated with conflated Message-IDs?

notmuch currently treats all messages with the same Message-ID as the same message. I think this could be a vulnerability :( If two messages have the same Message-ID, is there a guarantee of which of these messages will be produced during a notmuch show? Either way, it seems to create a potentia