From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 4ABBD431FB6 for ; Thu, 8 Mar 2012 09:04:45 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 0.373 X-Spam-Level: X-Spam-Status: No, score=0.373 tagged_above=-999 required=5 tests=[RDNS_DYNAMIC=0.363, T_MIME_NO_TEXT=0.01] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h7cmPY-FsWXn for ; Thu, 8 Mar 2012 09:04:44 -0800 (PST) Received: from hackervisions.org (67-207-143-141.slicehost.net [67.207.143.141]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id D24B9431FAE for ; Thu, 8 Mar 2012 09:04:44 -0800 (PST) Received: from 095-097-039-212.static.chello.nl ([95.97.39.212] helo=localhost) by hackervisions.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1S5glg-0004n7-9t for notmuch@notmuchmail.org; Thu, 08 Mar 2012 12:04:44 -0500 From: James Vasile To: notmuch mailing list Subject: Re: a DoS vulnerability associated with conflated Message-IDs? In-Reply-To: <87k42vrqve.fsf@pip.fifthhorseman.net> References: <87k42vrqve.fsf@pip.fifthhorseman.net> User-Agent: Notmuch/0.11.1+206~gf3628de (http://notmuchmail.org) Emacs/23.3.1 (i486-pc-linux-gnu) Date: Thu, 08 Mar 2012 12:04:36 -0500 Message-ID: <87ipif2fdn.fsf@wyzanski.jamesvasile.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Mar 2012 17:04:45 -0000 --=-=-= On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor wrote: > Any ideas on how to approach this? Treat messages with the same ID but different hashes as different? --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJPWOakAAoJECaDklOuuidYL+gH/0pQ8aLH65Fjle01nfgqfehx c29lvq76jbdxLIcrqR1vpp0U7PfE3zBofVI+aAL2r9oe/HcMcpyAKMJboFgyu6Ok pqZfnbizCaPWiF1TfTvkfSjLueGx0dRqUZ5DVar0lDa1+W/n7df/yQFeMjAibdXQ H7H+1kJHVc4uE2SWGCXKtCd6moH2xn6t/Gc7sJ/ZexSUylqLc3RXoyu/cfQ109Ag z7RGM5PbSyA3cmzCP8lsWqekm//er/5MdhGMOmKA8QB7IGoWQzejQwPq7R2tPavV yLVCjXWeZ3XuD7UZciDCbmxXtWguXEUe9x2mU5EUOWlcTXJzKhr0o+1AMP1+99M= =ASCf -----END PGP SIGNATURE----- --=-=-=--