Eric Scheid wrote:
>>On 8/4/05 6:17 AM, "Bob Wyman" <[EMAIL PROTECTED]> wrote:
>> The proposal I made relies on a feed making statements only about
>> itself. In my proposal, a feed can only say: "I contain copies of
>> these other feeds. I am a secondary feed."
> How does this prevent DOS attacks? If I could insert entries with faked
> <atom:id>, could I not also insert entries with faked <atom:source>,
> or any other identification meta-data?
        Sure, you could create entries that had faked atom:id's but well
designed readers would only consider your entries to be duplicates if they
appeared in feeds that the "feed under attack" had explicitly declared
itself to be secondary to. Entries with duplicate ids that appeared anywhere
else in the blogosphere would not be considered duplicates. This severely
constrains the opportunity for DOS attacks, substitutions, etc. Readers must
assume that the world is filled with entries that all use the same atom:ids.
The task for the reader is to figure out, among all the entries that use the
same atom:id, which are actually duplicates or legitimate replacements of
each other.
        The essential thing to understand here is that while creators of
atom:ids should do what the spec says and create atom:ids that are globally
unique, readers of atom:ids simply cannot assume that atom:ids are, in fact,
globally unique. (No repetition of MUST's or SHOULD's in the spec will
change this truth.) Without any additional information, a reader can only
just barely assume that an atom:id is unique within a single feed and even
then, only in those entries of the feed that do not contain atom:source
elements indicating that the entries have been copied from a foreign feed.
If the community accepts this idea of "primary" and "secondary" or
"authoritative" and "non-authoritative" feeds and entries, it should be
obvious that an entry which is contained in a feed, yet has an atom:source
indicating a foreign feed, should *always* be treated as non-authoritative
(unless, of course, the feed was published by someone you trust or the entry
has a digital signature that can be associated with the entry's source feed
-- these mechanisms aren't defined yet).
        Please remember that what I'm talking about here concerns the
processing model for Atom feeds or the semantics of the system composed of
real-world atom feeds and real-world atom processors. To date, most of our
discussions have been simply about the syntax (atom-syntax...) for feeds and
entries. It is great that the atom-syntax requires uniqueness in ids. You
just can't expect processors to be terribly influenced by the fact that the
uniqueness requirement exists.

        bob wyman
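
An added sketch of the reader-side rule described in the message above; it is one reading of that rule and is not code from the thread or from any Atom implementation. Assumptions: the `copies_of` map stands in for a feed's statement about itself (the message gives no syntax for it), and all names and URIs are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

@dataclass(frozen=True)
class Entry:
    feed: str                     # URI of the feed the entry was fetched from
    atom_id: str                  # atom:id as published (never assumed unique)
    source: Optional[str] = None  # feed URI named in atom:source, if present

def is_authoritative(e: Entry) -> bool:
    # An entry whose atom:source names a foreign feed is a copy, so the
    # containing feed is not authoritative for it.
    return e.source is None or e.source == e.feed

def counts_as_duplicate(entry: Entry, candidate: Entry,
                        copies_of: Dict[str, Set[str]]) -> bool:
    """Should a reader holding `entry` treat `candidate` as the same entry?

    copies_of maps a feed URI to the feeds that it has declared, about
    itself, it contains copies of (hypothetical representation).
    """
    if entry.atom_id != candidate.atom_id:
        return False
    if entry.feed == candidate.feed:
        # Uniqueness within a feed holds only among its non-copied entries.
        return is_authoritative(entry) and is_authoritative(candidate)
    # Across feeds, a matching id counts only if the feed holding `entry`
    # declared itself secondary to the candidate's feed. Declarations made
    # by any other feed, including the candidate's, are ignored.
    return candidate.feed in copies_of.get(entry.feed, set())

# Constructed sample data.
ORIGIN = "https://origin.example/feed"
AGGREGATOR = "https://aggregator.example/feed"
ATTACKER = "https://attacker.example/feed"
DECLARED = {AGGREGATOR: {ORIGIN}}  # the aggregator's statement about itself

original = Entry(ORIGIN, "tag:origin.example,2005:post-1")
copied = Entry(AGGREGATOR, original.atom_id, source=ORIGIN)
forged = Entry(ATTACKER, original.atom_id, source=ORIGIN)  # faked id and source

if __name__ == "__main__":
    for candidate in (original, forged):
        print(candidate.feed, counts_as_duplicate(copied, candidate, DECLARED))
```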

