5. Security Considerations

The news article format specified in this document does not provide any security services, such as confidentiality, authentication of sender, or non-repudiation. Instead, such services need to be layered above, using such protocols as S/MIME [RFC2633] or PGP/MIME [RFC3156], or below, using secure versions of news transport protocols. Additionally, several currently non-standardized protocols [PGPVERIFY] will hopefully be standardized in the near future.

Message-IDs (Section 3.1.3) in news are required to be unique; articles are refused (in server-to-server transfer) if the ID has already been seen. So if you can predict the ID of a message, you can preempt it by posting a message (possibly to a quite different group) with the same ID, stopping your target message from propagating. Agents that generate message-ids for news articles SHOULD ensure that they are unpredictable.
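As an added example (not part of the draft), this Python sketch contrasts a Message-ID built only from a clock and a counter with one whose id-left comes from the operating system's CSPRNG, and includes a self-audit that flags sequential IDs. The host name `news.example.org`, the function names, the syntax check and the step threshold of 1000 are assumptions made for illustration.

```python
import base64
import re
import secrets

# Hypothetical id-right; an agent would use its own fully qualified domain name.
HOST = "news.example.org"

# Conservative syntax check (assumption): dot-atom-text on both sides of "@".
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
MSG_ID_RE = re.compile(rf"<{_ATEXT}(?:\.{_ATEXT})*@{_ATEXT}(?:\.{_ATEXT})*>")


def weak_message_id(counter, now, host=HOST):
    """Predictable form: id-left is just the clock value and a counter."""
    return f"<{now}.{counter}@{host}>"


def strong_message_id(host=HOST, nbytes=16):
    """Unpredictable form: id-left is nbytes from the OS CSPRNG, base32-encoded."""
    token = base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")
    return f"<{token.rstrip('=').lower()}@{host}>"


def looks_sequential(ids, max_step=1000):
    """Self-audit: True when the id-left parts share one layout and each
    differs from the previous one only by a small positive numeric step."""
    lefts = [mid[1:mid.index("@")] for mid in ids]
    layouts = {re.sub(r"\d+", "#", left) for left in lefts}
    values = [int(re.sub(r"\D", "", left) or 0) for left in lefts]
    steps = [b - a for a, b in zip(values, values[1:])]
    return bool(steps) and len(layouts) == 1 and all(0 < s <= max_step for s in steps)


if __name__ == "__main__":
    # Constructed sample: three IDs issued within the same second.
    weak = [weak_message_id(n, 1100000000) for n in (1, 2, 3)]
    strong = [strong_message_id() for _ in range(3)]
    print(weak, looks_sequential(weak))
    print(strong, looks_sequential(strong))
```
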
--- ../usefor-usefor-02/Security_Considerations.out November 2004 +++ ../usefor-usefor-03/Security_Considerations.out April 2005 @@ -16,10 +16,4 @@ group) with the same ID, stopping your target message from propagating. Agents that generate message-ids for news articles SHOULD ensure that they are unpredictable. - - The filename parameter of the Archive-header (Section 3.2.11) can be - used to attempt to store archived articles in inappropriate - locations. Archiving sites should be suspicious of absolute filename - parameters, as opposed to those relative to some location of the - archiver's choosing.
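Review bot: The six removed lines at the end of the hunk drop the warning about the filename parameter of the Archive header (Section 3.2.11), and the hunk adds no replacement text. If -03 still defines that parameter, keep the caveat in Security Considerations, and consider widening it: the removed wording only called out absolute filename parameters, while a relative name can also resolve outside the location the archiver chose unless the archiver checks the final path. If the parameter was itself removed from Section 3.2.11, note that in the change log so this deletion is traceable.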