On Wed, Aug 01, 2012 at 01:20:08PM -0400, Daniel Kahn Gillmor wrote:
> The proposed feature could also exacerbate the previously-discussed
> attack vector [0] whereby a malicious Message-ID collision can be used
> to hide messages from the victim's mailstore.
>
> [0] id:87k42vrqve.fsf@pip.fifthhorseman.net

I didn't find the reference above but, if you're speaking about the
proposed patch only, I don't think it's the case. The proposed patch
only deduplicates file-identical (up to checksums, that is) messages in
maildirs: a Message-ID collision is not enough to hide a message.

But your comment is very interesting anyhow, as deduplicating on the
basis of Message-ID is indeed something I've discussed with Kevin as
future work. You just provided an extra argument not to enable that by
default.

Cheers.
--
Stefano Zacchiroli     zack@{upsilon.cc,pps.jussieu.fr,debian.org} . o .
Maître de conférences   ......   http://upsilon.cc/zack   ......   . . o
Debian Project Leader    .......   @zack on identi.ca   .......    o o o
« the first rule of tautology club is the first rule of tautology club »