5. Security Considerations

The news article format specified in this document does not provide any security services, such as confidentiality, authentication of sender, or non-repudiation. Instead, such services need to be layered above, using such protocols as S/MIME [RFC2633] or PGP/MIME [RFC3156], or below, using secure versions of news transport protocols. Additionally, several currently non-standardized protocols [PGPVERIFY] will hopefully be standardized in the near future.

Message-IDs (Section 3.1.3) in news are required to be unique; articles are refused (in server-to-server transfer) if the ID has already been seen. So if you can predict the ID of a message, you can preempt it by posting a message (possibly to a quite different group) with the same ID, stopping your target message from propagating. Agents that generate message-ids for news articles SHOULD ensure that they are unpredictable.

The filename parameter of the Archive-header (Section 3.2.11) can be used to attempt to store archived articles in inappropriate locations. Archiving sites should be suspicious of absolute filename parameters, as opposed to those relative to some location of the archiver's choosing.
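One way an archiving site could apply the advice about the filename parameter, shown as an added example that is not part of the draft. The `yes; filename="..."` value syntax, the function names, the archive root and the sample values are assumptions made for illustration.

```python
import os
import re

# Assumed parameter syntax for this example: yes; filename="some/path"
_FILENAME = re.compile(r';\s*filename\s*=\s*"?([^";]*)"?', re.IGNORECASE)


def archive_filename(header_value):
    """Return the filename parameter of an Archive header value, or None."""
    m = _FILENAME.search(header_value)
    name = m.group(1).strip() if m else ""
    return name or None


def safe_archive_path(archive_root, header_value):
    """Resolve the filename parameter under archive_root.

    Returns the absolute path to store to, or None when the parameter is
    missing, absolute, or resolves outside the archiver's chosen root.
    """
    name = archive_filename(header_value)
    if name is None or "\x00" in name:
        return None
    # Refuse absolute names outright (POSIX, UNC and drive-letter forms).
    if name.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", name):
        return None
    root = os.path.realpath(archive_root)
    # realpath collapses ".." and follows symlinks that already exist.
    candidate = os.path.realpath(os.path.join(root, name))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed header values, not taken from real articles.
    for value in ('yes; filename="comp.lang.c/2004/1234"',
                  'yes; filename="/tmp/elsewhere"',
                  'yes; filename="../../outside"',
                  "no"):
        print(repr(value), "->", safe_archive_path("/var/spool/archive", value))
```

Relative names are still checked after resolution, because a relative parameter containing `..` or passing through an existing symlink can leave the chosen location just as an absolute one does.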
--- ../usefor-usefor-01/Security_Considerations.out September 2004 +++ ../usefor-usefor-02/Security_Considerations.out November 2004 @@ -9,7 +9,7 @@ protocols [PGPVERIFY] will hopefully be standardized in the near future. - Message-IDs (Section 3.1.4) in news are required to be unique; + Message-IDs (Section 3.1.3) in news are required to be unique; articles are refused (in server-to-server transfer) if the ID has already been seen. So if you can predict the ID of a message, you can preempt it by posting a message (possibly to a quite different
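Review bot: the changed line hard-codes the Message-ID cross-reference as "Section 3.1.3" (previously 3.1.4), which suggests section numbers shifted between -01 and -02, yet this is the only change shown for the Security Considerations text. Please confirm that the other numeric reference in this section, the Archive header pointer "Section 3.2.11", was not affected by the same renumbering, and consider generating these references from anchors in the document source so they cannot drift again.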