In <49B7A7CE.1000602@xxxxxxxxxxxxx> Harald Alvestrand <harald@xxxxxxxxxxxxx> writes:
Lisa has scheduled the USEPRO document for IESG discussion on April 2.
Let's hope this is the end of this work.
But this is NOT yet the end of this work, since we still have not resolved
Issue 1586.
The last contribution on this was from Russ on Feb 1st
<http://www.imc.org/ietf-usefor/mail-archive/msg04517.html>, the relevant
part of which is:
In <49883847.3080601@xxxxxxxxxxxxx> Harald Alvestrand <harald@xxxxxxxxxxxxx> writes:
>Charles Lindsey wrote:
>>
>> NOTE: Whereas the presence of two "POSTED" <diag-keyword>s will often
>> indicate a malicious attempt to disguise the true origin of an article,
>> it could also arise following some ususual gatewaying or injecting
>> scenario (taking advantage of the "MAY contain" above), in which case
>> it could be useful for detecting unintended loops or mismanaged
>> gateways. The whole intent of these <path-diagnostic)s is to assist
>> humans in assessing unusual situations, and it would be unwise for
>> subsequent agents automatically to assume one possibility or the other.
>>
>I disagree with this idea, and think we should keep the SHOULD NOT.
>Not throwing away information can be accomplished by tricks like
>Old-Path:. As the proposed note effectively says, saying that multiple
>POSTs are generally acceptable is an invitation to the script kiddies to
>play with it.
If the script kiddies try it, they will get caught out because two POSTEDs
will then be present and any suspicion of trollery will be confirmed.
But in the case of some carefully crafted Gatewaying scheme, or, worse, in
the case of some broken Gatewaying scheme that ought to be spotted,
destroying the evidence will do harm. And I doubt people will want to
bother with Old-Post hacks.
There are plenty of Netkops around who will gleefully denounce the trolls,
and plenty of experienced newsadmins who will notice indications of broken
Gatewaying (especially if consistently repeated) and quietly warn those
causing it.