From: Jeff Weinstein <jsw@netscape.com>
To: don@cs.byu.edu
Message Hash: 7a9f864a949720a4bb5831f4db744d4b634a65d75e685a16cf1553164b38f098
Message ID: <30F9FEF0.6EAA@netscape.com>
Reply To: <199601150454.VAA00449@wero.cs.byu.edu>
UTC Datetime: 1996-01-15 07:34:00 UTC
Raw Date: Mon, 15 Jan 1996 15:34:00 +0800
From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 15 Jan 1996 15:34:00 +0800
To: don@cs.byu.edu
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <199601150454.VAA00449@wero.cs.byu.edu>
Message-ID: <30F9FEF0.6EAA@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain
Don wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> > I've removed the code that uses the e-mail address as the
> > FTP password for anonymous FTPs.
>
> Does that mean that general-purpose ftp won't be accepted unless the
> user gives up their email? Greaaaaaaat... Can't have it both ways, I
> guess. What can be added as far as user control; inline vs non-inline,
> for example.
I'm not sure I understand what you are saying, so I will try to
re-state what we are doing. By default for anonymous FTP we will
send the string "mozilla@" for the anon password. This is similar
to Mosaic and Internet Explorer, which send "webuser@". If the
user wants to send their real address, or anything else, they can
type an ftp URL that will allow them to enter the password. I hope
to add an option so that the user can decide for themselves to send
or not send their identity. Note that we do not currently send the HTTP
'From:' header. Some users would like an option to turn it on.
> The FTP explanation certainly explains why my personal system is able
> to confuse the username part of it. And I know there's nothing anyone
> can do about the reverse-ip, but what about http referral field? Will
> there be a way to turn off (blank, actually) this field?
I would like to add a way to turn it off, but it won't happen in 2.0.
> Jeff, your efforts are certainly appreciated - your ability to get these
> things done is most valuable.
Thanks. I just wish I had been able to attend yesterdays cypherpunk
gathering rather than having to fix this bug. Sigh.
> Regarding the anonymizer:
> First, are there any working anonymizers yet?
> Second, is there any ISP that would be willing to give a home to the
> anonymizer?
I think that there are several. The one at CMU can be reached
at http://anonymizer.cs.cmu.edu:8080/open.html. I thought that
Sameer had one at c2.org, but a quick look at his web site didn't
turn up anything.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Return to January 1996
Return to “Scott Brickner <sjb@universe.digex.net>”