1996-01-15 - Re: (none) [httpd finding your identity]

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: don@cs.byu.edu
Message Hash: 7a9f864a949720a4bb5831f4db744d4b634a65d75e685a16cf1553164b38f098
Message ID: <30F9FEF0.6EAA@netscape.com>
Reply To: <199601150454.VAA00449@wero.cs.byu.edu>
UTC Datetime: 1996-01-15 07:34:00 UTC
Raw Date: Mon, 15 Jan 1996 15:34:00 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Mon, 15 Jan 1996 15:34:00 +0800
To: don@cs.byu.edu
Subject: Re: (none) [httpd finding your identity]
In-Reply-To: <199601150454.VAA00449@wero.cs.byu.edu>
Message-ID: <30F9FEF0.6EAA@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Don wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> > I've removed the code that uses the e-mail address as the
> > FTP password for anonymous FTPs.
> 
> Does that mean that general-purpose ftp won't be accepted unless the
> user gives up their email? Greaaaaaaat... Can't have it both ways, I
> guess. What can be added as far as user control; inline vs non-inline,
> for example.

  I'm not sure I understand what you are saying, so I will try to
re-state what we are doing.  By default for anonymous FTP we will
send the string "mozilla@" for the anon password.  This is similar
to Mosaic and Internet Explorer, which send "webuser@".  If the
user wants to send their real address, or anything else, they can
type an ftp URL that will allow them to enter the password.  I hope
to add an option so that the user can decide for themselves to send
or not send their identity.  Note that we do not currently send the HTTP
'From:' header.  Some users would like an option to turn it on.

> The FTP explanation certainly explains why my personal system is able
> to confuse the username part of it. And I know there's nothing anyone
> can do about the reverse-ip, but what about http referral field? Will
> there be a way to turn off (blank, actually) this field?

  I would like to add a way to turn it off, but it won't happen in 2.0.

> Jeff, your efforts are certainly appreciated - your ability to get these
> things done is most valuable.

  Thanks.  I just wish I had been able to attend yesterdays cypherpunk
gathering rather than having to fix this bug.  Sigh.

> Regarding the anonymizer:
> First, are there any working anonymizers yet?
> Second, is there any ISP that would be willing to give a home to the
>   anonymizer?

  I think that there are several.  The one at CMU can be reached
at http://anonymizer.cs.cmu.edu:8080/open.html.  I thought that
Sameer had one at c2.org, but a quick look at his web site didn't
turn up anything.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





Thread