Hi Janos,
Janos Zsako writes :
>> Note also that this smartness quite consciously introduces less 'security' because it allows someone to make clandestine changes by forging his From:-address to avoid notification. We did this because those with really high security requirements should use maintainers with a stronger authentication method.
> Correct. However I originally noticed that this "feature" also works by adding a Reply-to: in the header...
The feature only disallows sending an ACK & notify message to the same E-mail address. You will always get at least an ACK message. The ACK message is sent to the Reply-To: address or the From: address if no Reply-To: address is present. The notify: message is sent to all people listed except for the people that already got an ACK message.
> My point at the RIPE meeting was that when sending an update with a Reply-to, the mnt-nfy DOES get a "warning" message, that somebody made SOME updates, (since the "Congratulations" are sent to her), but has no clue wrt. WHAT exactly has been modified (usually the Subject: line does not provide accurate information - if at all)...
This is true. You will receive less information than with a notification message in this case. This is clearly a disadvantage, but also an advantage for those people that are getting a bit tired of the amount of mails coming from the RIPE database automatic department.
> (Of course, the situation can be even worse if the From: line is forged...)
But you will always get at least one message from the database whether it is an ACK message or a notify message. The smartness only eliminates more mails sent to one and the same E-mail address. And again <ripe-dbm@ripe.net> is always willing to investigate with the maillogs if you suspect something like this (in fact I *did* find a forgery once and I can assure you that the person that did it will not do it another time ...)
> PS. I suppose (and strongly hope :)) the authentication is based on the From: and not the Reply-to:.
I can tell you from first hand experience (that is, the code is implemented as required in the specs) that the authentication is done on the From: field and nothing else than that.

David K.
---
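The recipient rule David describes (one ACK to Reply-To:, falling back to From:; notify: mail to every listed address that did not already get the ACK) can be modelled in a few lines. The following is an added illustration written for this page, not code from the RIPE database software, and it assumes case-insensitive address comparison and the constructed placeholder addresses below. Its `ack_only` output is the check a maintainer would want: any mnt-nfy address that appears there receives only the bare ACK for that update and should inspect the object itself, since the ACK carries no detail of what changed.

```python
from typing import Dict, List, Optional

# Constructed model of the notification rule described in the thread:
#   - exactly one ACK goes to Reply-To:, or to From: when no Reply-To: is present
#   - notify: mail goes to every listed address except the one that got the ACK
# Assumption (not stated on the page): addresses are compared case-insensitively.


def ack_recipient(from_addr: str, reply_to: Optional[str]) -> str:
    """Address that receives the ACK ('Congratulations') message."""
    return (reply_to or from_addr).strip().lower()


def notify_recipients(from_addr: str, reply_to: Optional[str],
                      notify_addrs: List[str]) -> List[str]:
    """Addresses that receive a full notify: message (change details included)."""
    ack = ack_recipient(from_addr, reply_to)
    return [a for a in notify_addrs if a.strip().lower() != ack]


def plan_messages(from_addr: str, reply_to: Optional[str],
                  notify_addrs: List[str]) -> Dict[str, object]:
    """Summarise who gets what for one update.

    'ack_only' lists notify addresses whose detailed notification is suppressed
    because they already received the ACK; a maintainer seeing an address there
    knows the ACK stood in for the notification and the object needs a look.
    """
    ack = ack_recipient(from_addr, reply_to)
    return {
        "ack": ack,
        "notify": notify_recipients(from_addr, reply_to, notify_addrs),
        "ack_only": [a for a in notify_addrs if a.strip().lower() == ack],
    }


if __name__ == "__main__":
    # Constructed sample: two mnt-nfy addresses on the maintainer object.
    mnt_nfy = ["janos@example.net", "hostmaster@example.net"]

    # Ordinary update: both maintainers get a full notify: message.
    print(plan_messages("user@example.org", None, mnt_nfy))

    # Update whose Reply-To: equals a listed address: that address gets only
    # the ACK, and the detailed notification goes to the remaining address.
    print(plan_messages("user@example.org", "janos@example.net", mnt_nfy))
```

Running the block prints the two plans; in the second one `ack_only` is `['janos@example.net']`, which is exactly the "warning without detail" situation Janos raised at the meeting.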