Eric Scheid wrote:
>>On 8/4/05 6:17 AM, "Bob Wyman" <[EMAIL PROTECTED]> wrote:
>> The proposal I made relies on a feed making statements only about
>> itself. In my proposal, a feed can only say: "I contain copies of
>> these other feeds. I am a secondary feed."
> How does this prevent DOS attacks? If I could insert entries with faked
> <atom:id>, could I not also insert entries with faked <atom:source>,
> or any other identification meta-data?

Sure, you could create entries that had faked atom:id's but well designed readers would only consider your entries to be duplicates if they appeared in feeds that the "feed under attack" had explicitly declared itself to be secondary to. Entries with duplicate ids that appeared anywhere else in the blogosphere would not be considered duplicates. This severely constrains the opportunity for DOS attacks, substitutions, etc.

Readers must assume that the world is filled with entries that all use the same atom:ids. The task for the reader is to figure out, among all the entries that use the same atom:id, which are actually duplicates or legitimate replacements of each other.

The essential thing to understand here is that while creators of atom:ids should do what the spec says and create atom:ids that are globally unique, readers of atom:ids simply cannot assume that atom:ids are, in fact, globally unique. (No repetition of MUST's or SHOULD's in the spec will change this truth.) Without any additional information, a reader can only just barely assume that an atom:id is unique within a single feed and even then, only in those entries of the feed that do not contain atom:source elements indicating that the entries have been copied from a foreign feed.

If the community accepts this idea of "primary" and "secondary" or "authoritative" and "non-authoritative" feeds and entries, it should be obvious that an entry which is contained in a feed, yet has an atom:source indicating a foreign feed, should *always* be treated as non-authoritative (unless, of course, the feed was published by someone you trust or the entry has a digital signature that can be associated with the entry's source feed -- these mechanisms aren't defined yet).

Please remember that what I'm talking about here concerns the processing model for Atom feeds or the semantics of the system composed of real-world atom feeds and real-world atom processors. To date, most of our discussions have been simply about the syntax (atom-syntax...) for feeds and entries. It is great that the atom-syntax requires uniqueness in ids. You just can't expect processors to be terribly influenced by the fact that the uniqueness requirement exists.
bob wyman
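
The reader-side rule described in the message above, sketched as an added example (not code from the original message or from any Atom implementation). The message gives no wire syntax for the "I am a secondary feed" statement, so it is modelled here as a hypothetical `secondary_to` mapping; the `Entry` type, the function names and all URIs are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    feed: str                     # URI of the feed the entry was fetched from
    atom_id: str                  # atom:id as claimed by the entry (untrusted)
    source: Optional[str] = None  # atom:source feed URI, if present (untrusted)

def is_authoritative(e: Entry) -> bool:
    """An entry whose atom:source names a foreign feed is non-authoritative."""
    return e.source is None or e.source == e.feed

def counts_as_duplicate(candidate: Entry, target: Entry, secondary_to: dict) -> bool:
    """May `candidate` be treated as a duplicate or replacement of `target`?"""
    if candidate.atom_id != target.atom_id:
        return False
    if candidate.feed == target.feed:
        # Same feed: ids are trusted only among entries not copied from elsewhere.
        return is_authoritative(candidate) and is_authoritative(target)
    # Other feeds: only if target's OWN feed declared itself secondary to them.
    return candidate.feed in secondary_to.get(target.feed, set())

def accepted_duplicates(target: Entry, entries, secondary_to: dict):
    """All entries the reader will accept as duplicates of `target`."""
    return [e for e in entries
            if e is not target and counts_as_duplicate(e, target, secondary_to)]

# Constructed sample data: every URI and id below is a placeholder.
VICTIM = "http://victim.example/feed"
MIRROR = "http://mirror.example/feed"
ATTACKER = "http://attacker.example/feed"
POST_ID = "tag:victim.example,2005:post-1"
SECONDARY_TO = {MIRROR: {VICTIM}}   # MIRROR's statement about itself only
ENTRIES = [
    Entry(VICTIM, POST_ID),                    # the original
    Entry(MIRROR, POST_ID, source=VICTIM),     # declared copy
    Entry(ATTACKER, POST_ID),                  # faked atom:id
    Entry(ATTACKER, POST_ID, source=VICTIM),   # faked atom:id and atom:source
]

if __name__ == "__main__":
    for target in ENTRIES:
        print(target.feed, "->", accepted_duplicates(target, ENTRIES, SECONDARY_TO))
```

Because the check is directional, a feed's statement about itself can only cause its own entries to be matched against the feeds it names; it never lets that feed's entries stand in for entries elsewhere.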