[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#58472: [PATCH] Make `message-unique-id' less prone to collisions
From: |
Stefan Kangas |
Subject: |
bug#58472: [PATCH] Make `message-unique-id' less prone to collisions |
Date: |
Mon, 17 Oct 2022 15:40:55 +0000 |
Lars Ingebrigtsen <larsi@gnus.org> writes:
> Stefan Kangas <stefankangas@gmail.com> writes:
>
>> It still has the privacy issues I've indicated. Leaking the euid for no
>> good reason leaves you vulnerable to fingerprinting (or even attack, in
>> the worst case scenario).
>
> I don't think the privacy issues here are compelling.
Do you find it problematic that it's very easy for us to have
collisions? We will have a 1 in 625 chance for a _partial_ Message-ID
collision every time two users:
1. send an email the same second, and
2. have the same euid (e.g. 1000 on Ubuntu, or 501 or whatever it is on
macOS, etc.).
Just try this:
(let ((tim (time-convert nil 'integer))
(i 0) ids)
(while t
(cl-incf i)
(cl-flet ((time-convert (lambda (_ _) tim)))
(let ((id (message-unique-id)))
(if (member id ids)
(error "oops after %d tries" i)
(push id ids))))))
We will have a _full_ Message-ID collision if they also:
3. have the same host (e.g. it's misconfigured [a not insignificant
number of desktops, mind you, so it says "tickle-me" or whatever
non-hilarious thing we use now], or they are on the same big domain
like eecs.mit.edu).
Is that really "good enough"? We could do drastically better here, with
very small means, so I'm not sure why we wouldn't.
> No, matching on References/In-reply-to is the only way to get at that
> functionality.
I still don't know which functionality that is. Getting an In-reply-to
for your highly unique euid 1000? What's wrong with just checking if
your email address is in To/Cc?
If this use-case is important, wouldn't it be much better to use a
defcustom that you could at least set yourself to something somewhat
unique to you? We could just set it to 1000 or whatever by default (so
we're not worse off than today, but also not leaking information by
default), and then users could set that to whatever they like (even to
their euid).
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, (continued)
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Matt Armstrong, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Paul Eggert, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Stefan Kangas, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Eli Zaretskii, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Matt Armstrong, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Eli Zaretskii, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Lars Ingebrigtsen, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Eli Zaretskii, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Stefan Kangas, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Lars Ingebrigtsen, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions,
Stefan Kangas <=
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Matt Armstrong, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Paul Eggert, 2022/10/17
- bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Eli Zaretskii, 2022/10/18
bug#58472: [PATCH] Make `message-unique-id' less prone to collisions, Lars Ingebrigtsen, 2022/10/13