From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Mon Nov 12 2001 - 12:58:30 CST
My latest repost of section 7 on Control messages has produced no
further response, so I presume people are happy with it (or as happy as
they are going to be :-) ). I said there would be some consequential
changes. Here they are:
6.14. Approved
The Approved header indicates the mailing addresses (and possibly the
full names) of the persons or entities approving the article for
posting.
Approved-content = From-content ; see 5.2
Each mailbox contained in the Approved-content MUST be that of the
person or entity in question, and one of those mailboxes MUST be that
of the actual injector of the article.
An Approved header is required in all postings to moderated
newsgroups. If this header is not present in such postings, then
relaying and serving agents MUST reject the article. Please see
section 8.2.2 for how injecting agents should treat postings to
moderated groups that do not contain this header.
An Approved header is also required in certain control messages, to
reduce the risk of accidental posting of same.
NOTE: The presence of an Approved header indicates that the
person or entity identified claims to have the necessary
authority to post the article in question, thus enabling sites
that dispute that authority to refuse to accept or to act upon
it. However, the mere presence of the header is insufficient to
provide assurance that it indeed originated from that person or
entity, and it is therefore desirable that it be included within
some digital signature scheme (see 7.1), especially in the case
of control messages (section 7).
[The next two relate to the change we made regarding cancel messages
that arrive before the articles canceled (paving the way for
Cancel-Locks, if we go that way in some future extension).]
8.3. Duties of a Relaying Agent
....
6. It SHOULD reject any article that matches an already received
cancel message (or an equivalent, Supersedes or Replaces header)
issued by its poster or by some other trusted entity.
8.4. Duties of a Serving Agent
....
5. It SHOULD reject any article that matches an already received
cancel message (or an equivalent, Supersedes or Replaces header)
issued by its poster or by some other trusted entity.
8.7. Duties of a Moderator
....
3. He adds an Approved header (6.14) containing a mailbox identifying
himself (or, if the article already contains an Approved header
from another moderator, he adds that identifying information to
it). He MAY also include that Approved header within some digital
signature scheme (see 7.1).
9.2.2. Compromise of System Integrity
The posting of unauthorized (as determined by the policies of the
relevant hierarchy) control messages can cause unwanted newsgroups to
be created, or wanted ones removed, from serving agents.
Administrators of such agents SHOULD therefore take steps to verify
the genuiness of such control messages, either by manual inspection
(particularly of the Approved header) or by checking any digital
signatures that may be provided (see 7.1). In addition, they SHOULD
periodically compare the newsgroups carried against any regularly
issued checkgroups messages, or against lists maintained by trusted
servers and accessed by out-of-band protocols such as FTP or HTTP.
Malicious cancel messages (7.3) can cause valid articles to be
removed from serving agents. Administrators of such agents SHOULD
therefore take steps to verify that they originated from the poster,
the injector or the moderator of the article, or that in other cases
they came from a place that is trusted to work within established
policies and customs. Such steps SHOULD include the checking of any
digital signatures, or other security devices, that may be provided
(see 7.1). Articles containing Replaces and/or Supersedes headers
(6.15) are effectively cancel messages, and SHOULD be subject to the
same checks. Currently, many sites choose to ignore all cancel
messages on account of the difficulty of conducting such checks.
Improperly configured serving agents can allow articles posted to
moderated groups onto the net without first being approved by the
moderator. Injecting agents SHOULD verify that moderated articles
were received from one of the entities given in their Approved
headers and/or check any digital signatures that may be provided (see
7.1).
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5