usefor-usefor-04 May 2005

[< Prev] [TOC] [ Next >] 
5.  Security Considerations

   The news article format specified in this document does not provide
   any security services, such as confidentiality, authentication of
   sender, or non-repudiation.  Instead, such services need to be
   layered above, using such protocols as S/MIME [RFC2633] or PGP/MIME
   [RFC3156], or below, using secure versions of news transport
   protocols.  Additionally, several currently non-standardized
   protocols [PGPVERIFY] will hopefully be standardized in the near
   future.

   Message identifiers (Section 3.1.3) in news are required to be
   unique; articles are refused (in server-to-server transfer) if the
   identifier has already been seen.  So if you can predict the
   identifier of a message, you can preempt it by posting a message
   (possibly to a quite different group) with the same message
   identifier, stopping your target message from propagating.  Agents
   that generate message identifiers for news articles SHOULD ensure
   that they are unpredictable.
[< Prev] [TOC] [ Next >]
#Diff to first older
NewerOlder
usefor-usefor April 2005
usefor-usefor November 2004
usefor-usefor September 2004
News Article Format February 2000
RFC 2822 April 2001 

--- ../usefor-usefor-03/Security_Considerations.out          April 2005
+++ ../usefor-usefor-04/Security_Considerations.out          May 2005
@@ -9,11 +9,12 @@
    protocols [PGPVERIFY] will hopefully be standardized in the near
    future.
 
-   Message-IDs (Section 3.1.3) in news are required to be unique;
-   articles are refused (in server-to-server transfer) if the ID has
-   already been seen.  So if you can predict the ID of a message, you
-   can preempt it by posting a message (possibly to a quite different
-   group) with the same ID, stopping your target message from
-   propagating.  Agents that generate message-ids for news articles
-   SHOULD ensure that they are unpredictable.
+   Message identifiers (Section 3.1.3) in news are required to be
+   unique; articles are refused (in server-to-server transfer) if the
+   identifier has already been seen.  So if you can predict the
+   identifier of a message, you can preempt it by posting a message
+   (possibly to a quite different group) with the same message
+   identifier, stopping your target message from propagating.  Agents
+   that generate message identifiers for news articles SHOULD ensure
+   that they are unpredictable.
Documents were processed to this format by Forrest J. Cavalier III