/ Sam Ruby <[EMAIL PROTECTED]> was heard to say: | What should we do? One way to solve this is to require "id" *and* update | Graham's original proposal accordingly, *and* incorporate it into the next | (and presumably final draft). | | - - - | | That's what I meant by "There is a danger of looking at changes in | isolation.": | | http://www.imc.org/atom-syntax/mail-archive/msg15292.html | | Of course, breaking any link in my complicated chain of logic above would | cause the whole argument to collapse, which would be fine with me. | | Does anybody see something that I am missing?
I have to say that the DoS issue hadn't occurred to me before Bob
raised it and I've been a bit depressed about it ever since it came
up. Is there really anything that we can do here, short of providing a
mechanism for signing entries and telling aggregators that a duplicate
is an entry with the same id and the same signature?
Seems to me if I'm unscrupulous enough to attempt DoS, I can fake all
of the required parameters.
/me shrugs
Be seeing you,
norm
--
Norman Walsh <[EMAIL PROTECTED]> | Happiness is a how, not a what; a
http://nwalsh.com/ | talent, not an object.--Herman Hesse
pgpm9pkr2fBDr.pgp
Description: PGP signature
