New Account Types and data equivalency (was post TB 3.1 mailnews backend plans)

Andrew Sutherland asutherland at asutherland.org
Mon Jul 19 18:41:35 UTC 2010


  On 07/18/2010 02:04 PM, Kent James wrote:
>  On 7/17/2010 9:46 PM, Andrew Sutherland wrote:
>> We obviously want to handle malicious attempts to collide in the 
>> message-id space
> I've got the sense that there is some history of issues with using the 
> internet message id as a unique identifier for a message, but I don't 
> know what those are. Would someone case to elaborate on what the 
> problems were or could be with using message-id?

(replying to list as I think this was accidentally directed just to me)

My understanding is that some clients and/or gateways were not good 
about inserting message-ids at all or used the same message-id for all 
messages.  (I vaguely recall Exchange being the most notable problematic 
source.)  Thunderbird compensates for missing message-ids by computing a 
hash and adding it as a new header.  (The hash looked a little funny due 
to a signed-ness issue for a while.)  I'm sure others have deeper 
knowledge and/or better memories than me on this.  (Gloda comments might 
know more than me, for example.)

My concern in this case is about a transition to making the message-id 
more than a threading signifier into an attack vector for ne'er do-wells.

Andrew



More information about the tb-planning mailing list