From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Tue Sep 21 1999 - 09:46:22 CDT
In <yl7lllblsb.fsf@windlord.stanford.edu> Russ Allbery <rra@stanford.edu> writes:
>> 6.2. Sender
>Can we please deprecate or eliminate this? Nothing on Usenet does
>anything good with it, it's not useful for authentication, if it were
>useful for authentication that information would be better put into some
>header incorporating NNTP-Posting-Host and X-Trace information, it's
>incorrectly used for replies if you include it, servers get bright ideas
>like using it for authenticating cancels if you include it, and by and
>large it's pure clutter.
No, we are trying to follow mail practice here, and DRUMS is quite
explicit as to when it MUST be included. When used in that way, it is, at
worst, harmless, and at best give some useful extra information.
>At the *very* least, please add something along the lines of:
> NOTE: Some implementations currently require the Sender header of
> a cancel control message to match the Sender header of the article
> being cancelled. Posting agents should be aware of this when
> generating cancel messages, but use of the Sender header for any
> form of authentication including this practice is deprecated by
> this standard as it adds no real security and needless confusion
> and complexity. Sender SHOULD be treated by all agents as a
> comment and not used for any purpose.
Yes, but this needs to be said in the section on Cancel messages. I have
made a note to that effect for when we get there.
-- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Email: chl@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5