usefor-usefor-01 September 2004

5.  Security Considerations

   The news article format specified in this document does not provide
   any security services, such as confidentiality, authentication of
   sender, or non-repudiation.  Instead, such services need to be
   layered above, using such protocols as S/MIME [RFC2633] or PGP/MIME
   [RFC3156], or below, using secure versions of news transport
   protocols.  Additionally, several currently non-standardized
   protocols [PGPVERIFY] will hopefully be standardized in the near
   future.

   Message-IDs (Section 3.1.4) in news are required to be unique;
   articles are refused (in server-to-server transfer) if the ID has
   already been seen.  So if you can predict the ID of a message, you
   can preempt it by posting a message (possibly to a quite different
   group) with the same ID, stopping your target message from
   propagating.  Agents that generate message-ids for news articles
   SHOULD ensure that they are unpredictable.

   The filename parameter of the Archive-header (Section 3.2.11) can be
   used to attempt to store archived articles in inappropriate
   locations.  Archiving sites should be suspicious of absolute filename
   parameters, as opposed to those relative to some location of the
   archiver's choosing.
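
   One way an archiving site could apply this check, as an added example
   that is not part of the draft. It assumes a simplified
   `Archive: yes; filename="..."` parameter syntax and a hypothetical
   archive root, and goes beyond the draft's advice by also rejecting
   relative names that resolve outside the root.

```python
import os
import re

# Hypothetical archive root chosen by the archiver (assumption, not from the draft).
ARCHIVE_ROOT = "/var/spool/news-archive"

# Assumed, simplified parameter syntax:  yes; filename="some/relative/name"
_FILENAME_RE = re.compile(r';\s*filename\s*=\s*"?([^";]*)"?', re.IGNORECASE)


def archive_filename(header_value):
    """Return the filename parameter of an Archive header value, or None."""
    m = _FILENAME_RE.search(header_value)
    name = m.group(1).strip() if m else ""
    return name or None


def safe_archive_path(header_value, root=ARCHIVE_ROOT):
    """Map the poster-supplied filename to a path under root, or return None.

    None means: ignore the suggestion and store the article under a name of
    the archiver's own choosing.
    """
    name = archive_filename(header_value)
    if name is None or "\x00" in name:
        return None
    # Absolute names are refused outright, as the draft advises. Backslash
    # and drive-letter prefixes are refused too (stricter than POSIX needs).
    if os.path.isabs(name) or name.startswith("\\") or re.match(r"[A-Za-z]:", name):
        return None
    root_real = os.path.realpath(root)
    # realpath collapses ".." components and follows symlinks that already
    # exist under the root, so the containment test sees the final location.
    candidate = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    # A name that resolves to the root itself is not a usable file name.
    if candidate == root_real:
        return None
    return candidate
```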
#Diff to first older

--- ../usefor-article-03/Security_Considerations.out          February 2000
+++ ../usefor-usefor-01/Security_Considerations.out          September 2004
@@ -1,19 +1,25 @@
-9.  Security Considerations
+5.  Security Considerations
 
-[The following is taken from our previous draft, and is a much cut down
-version of material in Son-of-1036. What else should be said, and should
-more of the Son-of-1036 material be rescued?]
+   The news article format specified in this document does not provide
+   any security services, such as confidentiality, authentication of
+   sender, or non-repudiation.  Instead, such services need to be
+   layered above, using such protocols as S/MIME [RFC2633] or PGP/MIME
+   [RFC3156], or below, using secure versions of news transport
+   protocols.  Additionally, several currently non-standardized
+   protocols [PGPVERIFY] will hopefully be standardized in the near
+   future.
 
-   There is no security. Don't fool yourself. Usenet is a prime example
-   of an Internet Adhocratic-Anarchy; that is, an environment in which
-   trust forms the basis of all agreements.  It works.
+   Message-IDs (Section 3.1.4) in news are required to be unique;
+   articles are refused (in server-to-server transfer) if the ID has
+   already been seen.  So if you can predict the ID of a message, you
+   can preempt it by posting a message (possibly to a quite different
+   group) with the same ID, stopping your target message from
+   propagating.  Agents that generate message-ids for news articles
+   SHOULD ensure that they are unpredictable.
 
-   Articles which are intended to have restricted distribution are
-   dependent on the goodwill of every site receiving them.  The
-   "Archive: no" header is available as a signal to automated archivers
-   not to file an article, but that cannot be guaranteed.
-   The Distribution header makes provisions for articles which should
-   not be propagated beyond a cooperating subnet. The key security word
-   here is "cooperating". When a machine is not configured properly, it
-   may become uncooperative and tend to distribute all articles.
+   The filename parameter of the Archive-header (Section 3.2.11) can be
+   used to attempt to store archived articles in inappropriate
+   locations.  Archiving sites should be suspicious of absolute filename
+   parameters, as opposed to those relative to some location of the
+   archiver's choosing.
 
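Review bot: In the added Archive-header paragraph, the warning covers only absolute filename parameters, but a relative filename containing ".." components can also resolve outside "some location of the archiver's choosing"; the text should say that any parameter resolving outside that location is to be ignored. That paragraph also uses lowercase "should" where the Message-ID paragraph uses "SHOULD", so it is unclear whether the advice is normative. The Message-ID paragraph gives no indication of what makes an ID unpredictable, and the removed text's point that "Archive: no" and Distribution depend on cooperating sites is no longer stated anywhere in the section.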

Documents were processed to this format by Forrest J. Cavalier III