On Fri, 22 Oct 2004, Simon Schlachter wrote:

I'm still working on a Java implementation of razor. I'm almost finished and am currently working on the revoke/report functionality. While reading the code, I found a disturbing part in one of the functions.

File: Core.pm
Function: report()

If a message is reported, a signature is submitted to the server which _can_ answer with error 230 to request the sending of the whole message text.

If a message is revoked, however, there is always the whole message text sent.

The comment in the code at the referred part is:
# send server mails/body parts either
# revoked, or requested if reporting

I find this very disturbing, since it is highly probable that revoked messages contain private stuff. I do not like the idea that all messages I revoke are sent to razor's nomination servers in plain text. As a matter of fact: I think this is a design error. Or am I wrong?

This is a significant design error. I reported it to Vipul months ago. He was of the opinion that this had been corrected a long time ago, as it apparently has been in the Windows clients that connect to the same network. I offered to send him a packet dump.


As to the suggestion in another reply that changing this would prevent the e4 mechanism from working, I don't think this is a big issue. You'd just have an overlap period where the new checksums are being accumulated. Old checksums which are not coming in any more are not all that significant, so it wouldn't take all that long for a new algorithm to get up to speed.

Now that this issue is out on a public list, it really does need to be fixed quickly.

Andrew


--

No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
irritation occurs, discontinue use.

-------------------------------------------------------------------
Andrew McNaughton           Living in a shack in Tasmania
[EMAIL PROTECTED]          Between the bush and the sea

Mobile: +61 422 753 792     http://staff.scoop.co.nz/andrew/cv.doc
                            http://www.scoop.co.nz/



_______________________________________________
Razor-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/razor-users
