usefor-article-05 July 2001
[< Prev]
[TOC] [ Next >]
9.1. Leakage
Articles which are intended to have restricted distribution are
dependent on the goodwill of every site receiving them. The
"Archive: no" header (6.12) is available as a signal to automated
archivers not to file an article, but that cannot be guaranteed.
The Distribution header makes provision for articles which should not
be propagated beyond a cooperating subnet. The key security word here
is "cooperating". When a machine is not configured properly, it may
become uncooperative and tend to distribute all articles.
The flooding algorithm is extremely good at finding any path by which
articles can leave a subnet with supposedly restrictive boundaries,
and substantial administrative effort is required to avoid this.
Organizations wishing to control such leakage are strongly advised to
designate a small number of official gateways to handle all news
exchange with the outside world (however, making such gateways too
restrictive can also encourage the setting up of unofficial paths
which can be exceedingly hard to track down).
The sendme control message (7.6), insofar as it is still used, can be
used to request articles with a given message identifier, even one
that is not supposed to be supplied to the requestor.
[< Prev]
[TOC] [ Next >]
#Diff to first older
--- ../usefor-article-04/Leakage.out April 2001
+++ ../usefor-article-05/Leakage.out July 2001
@@ -2,8 +2,8 @@
Articles which are intended to have restricted distribution are
dependent on the goodwill of every site receiving them. The
- "Archive: no" header is available as a signal to automated archivers
- not to file an article, but that cannot be guaranteed.
+ "Archive: no" header (6.12) is available as a signal to automated
+ archivers not to file an article, but that cannot be guaranteed.
The Distribution header makes provision for articles which should not
be propagated beyond a cooperating subnet. The key security word here