[ticker-dev] ticker-3.0 spec - Replace on Message ID

[David Arnold]

-->"Martin" == Wanicki, Martin <Martin.Wanicki at Australia.Boeing.com> writes:

  Martin> What was the justification behind allowing any abitory
  Martin> individual or elvin producer to maliciously modify say, my
  Martin> stock price notifications 

the current replacement mechanism requires that the original message
include the REPLACEMENT field to enable subsequent messages to
overwrite it.

this provides a level of security, at the cost of requiring an
additional field in messages able to be replaced.

  Martin> Under the current implementation it is still possible to
  Martin> spoof a notification, but ONLY if it had a replacement field
  Martin> in the the first/original notif I see this as kind of
  Martin> protecting the common tickertape notifications.

agreed.

  Martin> So please, dont allow any notification to be clobbered by
  Martin> replacement.

would anyone like to speak in favour of allowing replacement by
Message-Id?

  Martin> In fact I'd prefer that the replacement option to be key
  Martin> based, so that only the bona fide originator of a
  Martin> notification has the right to recall or change the notif.

using keys could ensure that the replacement message was authentic,
but this is separate from the replacement mechanism itself, i think?






d