Re: Approved header field content (was: Protocol changes in draft-allbery-usefor-usepro-00)

"Charles Lindsey" <chl@clerew.man.ac.uk> Wed, 03 January 2007 05:14 UTC

To: ietf-usefor@imc.org
Xref: clerew local.usefor:24002
Path: clerew!chl
From: Charles Lindsey <chl@clerew.man.ac.uk>
Subject: Re: Approved header field content (was: Protocol changes in draft-allbery-usefor-usepro-00)
Message-ID: <JB9AqL.3M2@clerew.man.ac.uk>
X-Newsreader: NN version 6.5.2 (NOV)
References: <JA8C4p.Anu@clerew.man.ac.uk> <873b7i9b2m.fsf@windlord.stanford.edu> <JAHJs5.FHC@clerew.man.ac.uk> <873b6ygxjr.fsf_-_@windlord.stanford.edu>
Date: Tue, 02 Jan 2007 19:42:21 +0000
Lines: 65
Sender: owner-ietf-usefor@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-usefor/mail-archive/>
List-Unsubscribe: <mailto:ietf-usefor-request@imc.org?body=unsubscribe>
List-ID: <ietf-usefor.imc.org>

In <873b6ygxjr.fsf_-_@windlord.stanford.edu> Russ Allbery <rra@stanford.edu> writes:

>Charles Lindsey <chl@clerew.man.ac.uk> writes:
>> Russ Allbery <rra@stanford.edu> writes:
>>> Charles Lindsey <chl@clerew.man.ac.uk> writes:

>>>> 30. [-1] (5.2) Nothing said about content of Approved header.

>>>> Surely, it SHOULD identify the person/identity/role of the issuer, ...

>>> Intentional change.

>>> The content of the Approved header serves no protocol purpose, and
>>> USEFOR already adequately covers the definition of its content.
>>> Control message authorization is done on the basis of the Sender or
>>> From header (preferably in combination with a digital signature).

>The description in USEFOR is:

>   The Approved header field indicates the mailing addresses (and
>   possibly the full names) of the persons or entities approving the
>   article for posting.  Its principal uses are in moderated articles
>   and in group control messages; see [I-D.ietf-usefor-usepro].

Which certainly implies that an Approved header needs to contain an email
address identifying the person responsible for
posting/authorizing/whatever (which may well be the same as what is in the
From/Sender, or it may be the 'role' which the From/Sender person claims
to be fulfilling).

But, either way, USEPRO needs to ensure that the Approved header contains
what USEFOR says it is supposed to contain. You have covered this properly
in section 3.8 in the case of moderators. All I am asking is that you
cover it with similar wording in the case of group control messages.

>The Netnews protocol currently does not deal with authorization at all (an
>obvious flaw noted in Security Considerations).  Any authorization
>information you want to use has to be derived from the underlying
>transport protocol or from unstandardized extensions such as digital
>signatures.

No, that is 'authentication'. But I have written about 'authorization' in
another thread.

>If you're referring to group control messages, said identity is checked
>against the *From or Sender* header field, not the Approved header, at
>least in INN.  INN ignores the contents of the Approved header.  I don't
>know if C News uses the contents of the Approved header field for control
>message permissions, but my impression from having maintained control.ctl
>for some years is that most everyone uses From/Sender.

Yes, I have looked at CNews and I was wrong. It looks at the From (not
even Sender AFAICS) and compares that with what it is configured to
honour.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
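
The permission check discussed in this thread, as an added example that is not part of the original message and is not INN or C News code: a simplified model in which the action for a group control message is chosen from the From address alone and the Approved field is never read. The rule syntax is a constructed simplification loosely modelled on control.ctl, the Sender fallback is an assumption, and all addresses, group names and function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Constructed rules, "type:from-pattern:group-pattern:action".
# Simplified model: the last matching rule wins.
RULES = """\
all:*:*:drop
newgroup:group-admin@example.org:example.*:verify-example-key
rmgroup:group-admin@example.org:example.*:verify-example-key
newgroup:local-admin@news.example.net:local.*:doit
"""

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ctype, sender, groups, action = line.split(":", 3)
        rules.append((ctype, sender.lower(), groups, action))
    return rules

def decide(raw_article, rules):
    """Return the configured action for a group control message.

    Only From is consulted (Sender if From is absent, an assumption of
    this sketch); the Approved header field is never read.
    """
    msg = message_from_string(raw_article)
    fields = (msg.get("Control") or "").split()
    if len(fields) < 2:
        return "drop"
    ctype, group = fields[0], fields[1]
    addr = parseaddr(msg.get("From") or msg.get("Sender") or "")[1].lower()
    action = "drop"
    for r_type, r_from, r_groups, r_action in rules:
        if (r_type in ("all", ctype) and fnmatchcase(addr, r_from)
                and fnmatchcase(group, r_groups)):
            action = r_action  # later rules override earlier ones
    return action

def article(from_, approved, control):
    """Build a constructed sample control article."""
    return f"From: {from_}\nApproved: {approved}\nControl: {control}\n\nbody\n"
```

An action of the form `verify-...` only selects which key the message must verify against; the From match by itself establishes nothing until that signature check succeeds.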