In-reply-to: Johan Helsingius' message of Tue, 23 Feb 1993 09:32:54 +0200. <9302230851.aa19921@penet.penet.FI> -----BEGIN PGP SIGNED MESSAGE-----
The problem became apparent to me when I sent pseudonymous mail to a prominent person on this list; his reply exposed his pseudonymous id at anon.penet.fi, surely without his knowledge.
I think this would be fixed by the "X-Anon-Anonymize: no" (or whatever) hack. But for reasons I have outlined in the earlier round of discussions, it can't be the default. Comments?
If it's not the default behavior, then it will be a recurring problem.
There has been a lot of discussion about this, and I'm afraid it's too late to change the *default* behavior now...
Why? It seems to me the X-Anon-Password header was a pretty major change, yet you made that change to preserve people's pseudonymous identities. The instant challenge is just as grave, don't you think?
P.S. In case I forgot to announce it, as you could see from the message I'm replying to, PGP stuff doesn't get stripped at anon.penet.fi anymore.....
Great stuff. Thanks. DEADBEAT -----BEGIN PGP SIGNATURE----- Version: 2.1 iQBFAgUBK4o8FfFZTpBW/B35AQFQgwF/QU9NQmgtFKfv+KMoghtSwTL/e8vh3G4b vwlZy3yWF6D4+LVAnOEcuh0gvxJSNi51 =hD4O -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind system, any replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi. *IMPORTANT server security update*, mail to update@anon.penet.fi for details.
There has been a lot of discussion about this, and I'm afraid it's too late to change the *default* behavior now...
Why? It seems to me the X-Anon-Password header was a pretty major change, yet you made that change to preserve people's pseudonymous identities. The instant challenge is just as grave, don't you think?
It still didn't affect much of the functionality. You can still post, and mail to anXXXX users without knowing anything about passwords or X-Anon headers. And you only need to set your password to "none" to get the old behaviour. Julf
participants (2)
-
Johan Helsingius
-
nowhere@bsu-cs.bsu.edu