[37998] in North American Network Operators' Group
Re: cleaning up MIME external-body attachments....
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat May 26 15:34:39 2001
Message-Id: <200105261932.f4QJWJ123734@foo-bar-baz.cc.vt.edu>
To: nanog@merit.edu (North America Network Operators Group Mailing List)
In-Reply-To: Your message of "Sat, 26 May 2001 13:15:29 EDT."
<20010526171529.4614BF9@proven.weird.com>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1737543232P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Sat, 26 May 2001 15:32:19 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1737543232P
Content-Type: text/plain; charset=us-ascii
On Sat, 26 May 2001 13:15:29 EDT, Greg A. Woods said:
> The space occupied on the HTTP (or FTP) server isn't "spool space".
> It's already destined as "archive space" (many ISPs don't even back it
> up and state flatly that it's the user's responsibiilty to keep archive
> copies in case of disaster or whatever).
OK. So the thing lives in /tempurls instead of /var/spool.
The point was that quantity X of disk was going to be needed
for at least a week or to, instead of probably just a few minutes.
You get 100K customers all using several X of disk for a week instead of
a few minutes, you better be planning on more disk..
> Of course an ISP might provide a few GB of cheap disk for "temp" URLs in
> people's home pages that'd get cleaned up automaticaly after a few
> days/weeks/whatever of inactivity. (http://my.isp/~me/temp/ is a
> symlink/alias/whatever created by the ISP into this temp space)
My point was that you may need more than just a few GB of cheap disk for this.
> Don't you know how to encrypt files? Hopefully any confidential e-mail
> message you send is encrypted so why wouldn't you encrypt the
> external-body content with the very same key before uploading it to a
> public server?
Hmm.. OK.. so I can either use a symmetric key scheme and figure out how
to distribute 25 copies of the key for this file, or I use public key
scheme and encrypt each one to the recipient's public key (and park 25
seperate copies on the server, aggrivating the problem I mentioned above).
Did I mention that:
a) PKI is still a pipe dream
b) I'm *well* aware of how to encrypt files - I'm the guy who is continually
being asked what the <bleep> an application/pgp-signature is.
c) this infrastructure is getting more and more complicated.. ;)
As I said - I'm glad the draft wasn't proprietary information.
> > I'm pretty sure that
> > I'd hit any number of snags and screw-up trying to put a .htaccess
> > restriction that actually worked....
>
> You certainly would not want to do anything so complex and pointless.
Especially not when just PGP'ing the mail and sending it already does all
the necessary securing of the infrastructure....
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_1737543232P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Exmh version 2.2 06/16/2000
iQA/AwUBOxAEw3At5Vm009ewEQKKXgCfdJhX5azlW8e0FutJ3zDk4VFXQ6kAn0m4
/OZcRxFJUzupb6pTMMz5Pgdj
=za24
-----END PGP SIGNATURE-----
--==_Exmh_1737543232P--
