
Re: Use of message disposition notification




Hi Charles,

   It SHOULD reject any proto-article which contains a header field
   deprecated for Netnews (see, for example, [RFC3798] (Hansen, T. and
   G. Vaudreuil, "Message Disposition Notification," May 2004.)).

RFC 3798 end of section 2.1:

  Messages posted to newsgroups SHOULD NOT have a Disposition-
  Notification-To header.

The reason is that it could be used to send mail bombs. I suppose we could
mention that reason in our Security Considerations.

Oh, thanks!
It is not easy at all to find such headers!!  I wonder how implementors
will manage to know the headers they should look at...


By the way, as you speak about security considerations, I see that USEPRO
references both pgpmoose and pgpverify.
Shouldn't a note on Cancel-Lock be added in 6.1?  ("Currently, many sites are
ignoring all cancel control messages and Supersedes header fields due to
the difficulty of authenticating them and their widespread abuse.")
It could be said that Cancel-Lock might be used (draft-ietf-usefor-cancel-lock-01)
and also NoCeM, which is more and more widespread nowadays.

--
Julien ÉLIE

"To attack, the legionaries have adopted the formidable tactic
 known as the tortoise. To retreat, the legionaries
adopt the effective tactic known as the hare." (Astérix)
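
The check discussed in this message, sketched as an added example that is not part of the original mail or of the USEFOR drafts: an injecting agent rejects a proto-article whose header block carries a field deprecated for Netnews. The deny list contains only the one field named in the thread; the function names and the sample articles are assumptions made for illustration.

```python
# Added example: injecting-agent check for header fields deprecated for Netnews.
# DEPRECATED_FOR_NETNEWS holds only the field named in this thread (RFC 3798,
# section 2.1); function names and sample articles are constructed.

DEPRECATED_FOR_NETNEWS = {"disposition-notification-to"}

def header_field_names(proto_article: str) -> list[str]:
    """Return the lowercased header field names, in order, ignoring the body."""
    names = []
    for line in proto_article.replace("\r\n", "\n").split("\n"):
        if line == "":
            break  # blank line ends the header block; the body is never inspected
        if line[0] in " \t":
            continue  # folded continuation of the previous field, not a new field
        name, sep, _ = line.partition(":")
        # Field names are printable ASCII without spaces; anything else is malformed.
        if not sep or not name or any(not 33 <= ord(c) <= 126 for c in name):
            raise ValueError(f"malformed header line: {line!r}")
        names.append(name.lower())  # field names compare case-insensitively
    return names

def check_proto_article(proto_article: str) -> tuple[bool, str]:
    """Return (accepted, reason); reject when a deprecated field is present."""
    try:
        names = header_field_names(proto_article)
    except ValueError as exc:
        return False, str(exc)
    hits = sorted(set(names) & DEPRECATED_FOR_NETNEWS)
    if hits:
        return False, "deprecated for Netnews: " + ", ".join(hits)
    return True, "ok"

# Constructed sample proto-articles.
CLEAN = ("From: poster@example.org\r\nNewsgroups: example.test\r\n"
         "Subject: a folded\r\n subject line\r\n\r\n"
         "Disposition-Notification-To: mentioned only in the body\r\n")
MDN = ("From: poster@example.org\r\nNewsgroups: example.test\r\n"
       "DISPOSITION-notification-TO: someone@example.net\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, article in (("clean", CLEAN), ("mdn", MDN)):
        print(label, check_proto_article(article))
```

Keeping the deny list as data rather than code means further deprecated fields can be added as they are identified, which is the maintenance problem the message raises.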