On Sat, Apr 18, 2020 at 08:00:24PM -0400, Remco Rijnders wrote:
These might all seem far fetched, but the point is, information is being disclosed that is of no value to be included in the Message-ID header.
The information does have value for the purposes of uniqueness.But your examples have given me pause and I will think about this more during the next development cycle.
If (as ilf pointed out but which you did not address in your response to him/her) the concerns raised in https://gitlab.com/muttmua/mutt/-/issues/159 are valid there, why are they not valid in this context?
Personally, I approved the MR for a different reason - disclosing version numbers opens the potential for targeted attacks.
Reducing metadata was secondary for me, and still is a minor factor when it comes to competing interests (e.g. correctness, security, performance, utility).
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
