From: Bruce Lilly (blilly@erols.com)
Date: Sat Jul 03 2004 - 10:03:45 CDT
Charles Lindsey wrote:
> I had always understood that any cmsg in Subject was always ignored if a
> genuine Control-header was present.
I'm assuming that you omitted the word "not" before "present", and either
didn't catch the error in proofreading or didn't proofread -- otherwise
your message makes no sense at all.
> IOW
>
> Subject: cmsg newgroup example.foo
> Control: newgroup example.bar
>
> was guaranteed to create example.bar only.
>
> Anyway, for anything bad to happen, two things are required:
>
> 1. Some servers need to exist that still act on 'cmsg'
> 2. Some administrator needs to issue such a 'cmsg' without a proper
> Control-header.
Wrong. it is not necessary for an *administrator* to be the issuer, any
poster will do (with an Approved field in some cases).
> And I don't think it will provide any fresh opportunities for a malicious
> canceller
You mean such as clarinet, whose cmsg Cancels (at least at one time)
constituted a volume as great as the rest of Usenet combined?
> Just say that Subject: cmsg MUST NOT be interpreted as a control message
> (which is what the current draft says) and leave it at that.
We still need to consider existing software -- B news and Cnews do
interpret cmsg as a control message, and uttering the magic words
"MUST NOT" will not cause them to cease doing so. We need to decide
on an appropriate means of dealing with this backwards compatibility
issue.