usefor-article-04 April 2001

9.1.  Leakage

   Articles which are intended to have restricted distribution are
   dependent on the goodwill of every site receiving them.  The
   "Archive: no" header is available as a signal to automated archivers
   not to file an article, but that cannot be guaranteed.

   The Distribution header makes provision for articles which should not
   be propagated beyond a cooperating subnet. The key security word here
   is "cooperating". When a machine is not configured properly, it may
   become uncooperative and tend to distribute all articles.

   The flooding algorithm is extremely good at finding any path by which
   articles can leave a subnet with supposedly restrictive boundaries,
   and substantial administrative effort is required to avoid this.
   Organizations wishing to control such leakage are strongly advised to
   designate a small number of official gateways to handle all news
   exchange with the outside world (however, making such gateways too
   restrictive can also encourage the setting up of unofficial paths
   which can be exceedingly hard to track down).

   The sendme control message (7.6), insofar as it is still used, can be
   used to request articles with a given message identifier, even one
   that is not supposed to be supplied to the requestor.
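
   As an added illustration (not part of the draft), the sketch below shows
   one egress check an official gateway could apply both to its outbound
   feed and to sendme requests from outside peers. The distribution names,
   hierarchy prefix, function names and sample articles are constructed
   assumptions, and "block if any listed distribution is local-only" is a
   deliberately conservative policy choice.

```python
from email.parser import HeaderParser

# Assumed local policy, constructed for this example.
LOCAL_DISTRIBUTIONS = {"local", "example-corp"}   # must not leave the subnet
LOCAL_HIERARCHIES = ("example-corp.",)            # internal-only newsgroups


def _split(value):
    """Split a comma-separated header value into trimmed, non-empty items."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def may_export(article_text):
    """Return (allowed, reason) for passing an article to an outside peer."""
    headers = HeaderParser().parsestr(article_text)
    groups = _split(headers.get("Newsgroups"))
    if not groups:
        return False, "no Newsgroups header"
    # A crosspost into any internal group keeps the whole article inside.
    internal = [g for g in groups if g.startswith(LOCAL_HIERARCHIES)]
    if internal:
        return False, "internal newsgroup: " + internal[0]
    # Conservative: one local-only distribution is enough to block export.
    dists = {d.lower() for d in _split(headers.get("Distribution"))}
    restricted = sorted(dists & LOCAL_DISTRIBUTIONS)
    if restricted:
        return False, "restricted distribution: " + restricted[0]
    return True, "ok"


def answer_sendme(requested_ids, spool):
    """Filter a sendme request: supply only articles that pass may_export."""
    return [mid for mid in requested_ids
            if mid in spool and may_export(spool[mid])[0]]


# Constructed sample spool: message identifier -> raw article text.
SPOOL = {
    "<1@news.example.com>":
        "Newsgroups: comp.misc\nSubject: public\n\nbody\n",
    "<2@news.example.com>":
        "Newsgroups: comp.misc\nDistribution: Local\nSubject: site only\n\nbody\n",
    "<3@news.example.com>":
        "Newsgroups: comp.misc,example-corp.plans\nSubject: crosspost\n\nbody\n",
}
```

   Running the same check on the sendme path means knowing a message
   identifier does not bypass the boundary enforced on the normal feed.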

--- ../s-o-1036/Leakage.out          June 1994
+++ ../usefor-article-04/Leakage.out          April 2001
@@ -1,47 +1,25 @@
-11.1. Leakage
+9.1.  Leakage
 
-The  most  obvious  form  of  security  problem with news is
-"leakage" of  articles  which  are  intended  to  have  only
-restricted circulation.  The flooding algorithm is EXTREMELY
-good at finding any path by which articles can leave a  sub-
-net  with  supposedly-restrictive  boundaries.   Substantial
-administrative effort is required to ensure that local news-
-groups remain local, unless connections to the outside world
-are tightly restricted.
-
-A related problem is that the sendme control message can  be
-used  to ask for any article by its message ID.  The useful-
-ness of this has declined  as  message-ID  generation  algo-
-rithms have become less predictable, but it remains a poten-
-tial problem for "secure" newsgroups.  Hosts with such news-
-groups  may  wish  to  disable  the  sendme  control message
-entirely.
-
-The sendsys, version,  and  whogets  control  messages  also
-allow  "outsiders"  to  request  information  from "inside",
-which may reveal details of internal topology  (etc.)   that
-are  considered  confidential.   (Note that at least limited
-openness about such matters may be a condition of membership
-in such networks, e.g. Usenet.)
-
-Organizations  wishing to control these forms of leakage are
-strongly advised to designate a small  number  of  "official
-gateway"  hosts to handle all news exchange with the outside
-world, so that a bounded amount of administrative effort  is
-needed   to  control  propagation  and  eliminate  problems.
-Attempts to keep news out entirely, by refusing  to  support
-
-INTERNET DRAFT to be        NEWS                   sec. 11.1
-
-
-an  official  gateway,  typically result in large numbers of
-unofficial partial gateways appearing  over  time.   Such  a
-configuration is much more difficult to troubleshoot.
-
-A somewhat-related problem is the possibility of proprietary
-material being disclosed unintentionally  by  a  poster  who
-does  not  realize  how far his words will propagate, either
-from sheer misunderstanding or because of  errors  made  (by
-human or software) in followup preparation.  There is little
-that can be done about this except education.
+   Articles which are intended to have restricted distribution are
+   dependent on the goodwill of every site receiving them.  The
+   "Archive: no" header is available as a signal to automated archivers
+   not to file an article, but that cannot be guaranteed.
+
+   The Distribution header makes provision for articles which should not
+   be propagated beyond a cooperating subnet. The key security word here
+   is "cooperating". When a machine is not configured properly, it may
+   become uncooperative and tend to distribute all articles.
+
+   The flooding algorithm is extremely good at finding any path by which
+   articles can leave a subnet with supposedly restrictive boundaries,
+   and substantial administrative effort is required to avoid this.
+   Organizations wishing to control such leakage are strongly advised to
+   designate a small number of official gateways to handle all news
+   exchange with the outside world (however, making such gateways too
+   restrictive can also encourage the setting up of unofficial paths
+   which can be exceedingly hard to track down).
+
+   The sendme control message (7.6), insofar as it is still used, can be
+   used to request articles with a given message identifier, even one
+   that is not supposed to be supplied to the requestor.
 
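Review bot: The rewritten sendme paragraph (the last three added lines) states the exposure but drops the mitigation the old text gave, "Hosts with such newsgroups may wish to disable the sendme control message entirely"; consider keeping a sentence of that kind so the section still tells an administrator what to do. The removed paragraphs on sendsys, version and whogets revealing internal topology, and on unintentional disclosure by a poster, have no replacement in this hunk; if they are now covered elsewhere in the draft, a cross-reference like the "(7.6)" given for sendme would make that clear.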

Documents were processed to this format by Forrest J. Cavalier III