Re: a DoS vulnerability associated with conflated Message-IDs?

diff --git a/8f/20c0535999be24a5089801c6231b34efe14a27 b/8f/20c0535999be24a5089801c6231b34efe14a27
new file mode 100644 (file)
index 0000000..0848bf1
--- /dev/null
+++ b/8f/20c0535999be24a5089801c6231b34efe14a27
@@ -0,0 +1,68 @@
+Return-Path: <tom.prince@ualberta.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 9F346431FBC\r
+       for <notmuch@notmuchmail.org>; Sat, 10 Mar 2012 09:38:51 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+       autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id 42aqK2OBOFPI for <notmuch@notmuchmail.org>;\r
+       Sat, 10 Mar 2012 09:38:51 -0800 (PST)\r
+Received: from socrates.hocat.ca (socrates.hocat.ca [76.10.188.53])\r
+       by olra.theworths.org (Postfix) with ESMTP id 07D3E431FAE\r
+       for <notmuch@notmuchmail.org>; Sat, 10 Mar 2012 09:38:51 -0800 (PST)\r
+Received: from hermes.hocat.ca (hermes.hocat.ca [69.165.170.253])\r
+       by socrates.hocat.ca (Postfix) with SMTP id 5060D1AE3;\r
+       Sat, 10 Mar 2012 10:38:47 -0700 (MST)\r
+Received: (nullmailer pid 14148 invoked by uid 1000);\r
+       Sat, 10 Mar 2012 17:38:45 -0000\r
+From: Tom Prince <tom.prince@ualberta.net>\r
+To: Jeremy Nickurak <not-much@trk.nickurak.ca>,\r
+       notmuch <notmuch@notmuchmail.org>\r
+Subject: Re: a DoS vulnerability associated with conflated Message-IDs?\r
+In-Reply-To:\r
+ <CA+eQo_3x+VJMoB1U1R-vvk==u4x6drKikHrr=HHZZnsZEE7PmQ@mail.gmail.com>\r
+References: <87k42vrqve.fsf@pip.fifthhorseman.net>\r
+       <87ipif2fdn.fsf@wyzanski.jamesvasile.com>\r
+       <4F58E962.1050403@fifthhorseman.net>\r
+       <CA+eQo_3x+VJMoB1U1R-vvk==u4x6drKikHrr=HHZZnsZEE7PmQ@mail.gmail.com>\r
+User-Agent: Notmuch/0.11.1+239~g4d2d96b (http://notmuchmail.org) Emacs/23.4.2\r
+       (x86_64-pc-linux-gnu)\r
+Date: Sat, 10 Mar 2012 12:38:44 -0500\r
+Message-ID: <87y5r84aqj.fsf@hermes.hocat.ca>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain; charset=us-ascii\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sat, 10 Mar 2012 17:38:51 -0000\r
+\r
+On Thu, 8 Mar 2012 10:38:32 -0700, Jeremy Nickurak <not-much@trk.nickurak.ca> wrote:\r
+> On Thu, Mar 8, 2012 at 10:16, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:\r
+> > Any other suggestions or ideas?\r
+> \r
+> What about representing the contents from both message in one apparent message?\r
+> - ...\r
+> - If the bodies disagree, display both.\r
+\r
+We'd probably need to do some like doing a diff. I find it annoying\r
+enough displaying both text and html copies of a mail. Displaying two\r
+copies of a message, just because one of them has a few extra lines as a\r
+footer would be equally annoying.\r
+\r
+Maybe it would be enough to ignore the signature too, when comparing messages?\r