[6544] in www-talk@info.cern.ch
Re: Security in HTTP and caches
daemon@ATHENA.MIT.EDU (Henrik Frystyk Nielsen)
Thu Nov 3 07:18:27 1994
Date: Thu, 3 Nov 1994 13:17:15 +0100
Errors-To: listmaster@www0.cern.ch
Reply-To: frystyk@ptsun00.cern.ch
From: frystyk@ptsun00.cern.ch (Henrik Frystyk Nielsen)
To: Multiple recipients of list <www-talk@www0.cern.ch>
> > (a) the client should always fill in the From field (if nothing else,
> > with "nobody"@current-domain-name).
>
> The great public fiercely disagrees with having their email address
> automatically sent -- it's a privacy issue, and so I wouldn't enforce
> the From field.
>
> > (2) Allow servers to use host based authentication based on From address
> > rather than socket-peer address.
>
> From field is much easier to forge than peer address, even a newbie could
> do it.
The From: field is a service field used for: 'if you want to contact me
then use this address'. For this reason it _should_ be very easy to change
but at the same time it should not be used for anything else.
-- cheers --
Henrik