/ Sam Ruby <[EMAIL PROTECTED]> was heard to say: | What should we do? One way to solve this is to require "id" *and* update | Graham's original proposal accordingly, *and* incorporate it into the next | (and presumably final draft). | | - - - | | That's what I meant by "There is a danger of looking at changes in | isolation.": | | http://www.imc.org/atom-syntax/mail-archive/msg15292.html | | Of course, breaking any link in my complicated chain of logic above would | cause the whole argument to collapse, which would be fine with me. | | Does anybody see something that I am missing?
I have to say that the DoS issue hadn't occurred to me before Bob raised it and I've been a bit depressed about it ever since it came up. Is there really anything that we can do here, short of providing a mechanism for signing entries and telling aggregators that a duplicate is an entry with the same id and the same signature? Seems to me if I'm unscrupulous enough to attempt DoS, I can fake all of the required parameters. /me shrugs Be seeing you, norm -- Norman Walsh <[EMAIL PROTECTED]> | Happiness is a how, not a what; a http://nwalsh.com/ | talent, not an object.--Herman Hesse
pgpm9pkr2fBDr.pgp
Description: PGP signature