Re: Approved header field content (was: Protocol changes in draft-allbery-usefor-usepro-00)
"Charles Lindsey" <chl@clerew.man.ac.uk> Wed, 03 January 2007 05:14 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H1ySb-0005CY-9m for usefor-archive@lists.ietf.org; Wed, 03 Jan 2007 00:14:45 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H1ySZ-00014e-RK for usefor-archive@lists.ietf.org; Wed, 03 Jan 2007 00:14:45 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l035CXpd063922 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 2 Jan 2007 22:12:33 -0700 (MST) (envelope-from owner-ietf-usefor@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id l035CXge063913; Tue, 2 Jan 2007 22:12:33 -0700 (MST) (envelope-from owner-ietf-usefor@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-usefor@mail.imc.org using -f
Received: from lon-mail-4.gradwell.net (lon-mail-4.gradwell.net [193.111.201.130]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id l035CUM5063864 for <ietf-usefor@imc.org>; Tue, 2 Jan 2007 22:12:31 -0700 (MST) (envelope-from news@clerew.man.ac.uk)
Received: from [80.175.135.89] ([80.175.135.89] helo=clerew.man.ac.uk country=GB ident=postmaster&pop3^clerew&man$ac#uk) by lon-mail-4.gradwell.net with esmtpa (Gradwell gwh-smtpd 1.237) id 459b3b3c.c156.281 for ietf-usefor@imc.org; Wed, 3 Jan 2007 05:12:28 +0000 (envelope-sender <news@clerew.man.ac.uk>)
Received: from clerew.man.ac.uk (localhost [127.0.0.1]) by clerew.man.ac.uk (8.13.7/8.13.7) with ESMTP id l035CSrS018080 for <ietf-usefor@imc.org>; Wed, 3 Jan 2007 05:12:28 GMT
Received: (from news@localhost) by clerew.man.ac.uk (8.13.7/8.13.7/Submit) id l035CRZp018077 for ietf-usefor@imc.org; Wed, 3 Jan 2007 05:12:27 GMT
To: ietf-usefor@imc.org
Xref: clerew local.usefor:24002
Path: clerew!chl
From: Charles Lindsey <chl@clerew.man.ac.uk>
Subject: Re: Approved header field content (was: Protocol changes in draft-allbery-usefor-usepro-00)
Message-ID: <JB9AqL.3M2@clerew.man.ac.uk>
X-Newsreader: NN version 6.5.2 (NOV)
References: <JA8C4p.Anu@clerew.man.ac.uk> <873b7i9b2m.fsf@windlord.stanford.edu> <JAHJs5.FHC@clerew.man.ac.uk> <873b6ygxjr.fsf_-_@windlord.stanford.edu>
Date: Tue, 02 Jan 2007 19:42:21 +0000
Lines: 65
Sender: owner-ietf-usefor@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-usefor/mail-archive/>
List-Unsubscribe: <mailto:ietf-usefor-request@imc.org?body=unsubscribe>
List-ID: <ietf-usefor.imc.org>
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
In <873b6ygxjr.fsf_-_@windlord.stanford.edu> Russ Allbery <rra@stanford.edu> writes: >Charles Lindsey <chl@clerew.man.ac.uk> writes: >> Russ Allbery <rra@stanford.edu> writes: >>> Charles Lindsey <chl@clerew.man.ac.uk> writes: >>>> 30. [-1] (5.2) Nothing said about content of Approved header. >>>> Surely, it SHOULD identify the person/identity/role of the issuer, ... >>> Intentional change. >>> The content of the Approved header serves no protocol purpose, and >>> USEFOR already adequately covers the definition of its content. >>> Control message authorization is done on the basis of the Sender or >>> From header (preferrably in combination with a digital signature). >The description in USEFOR is: > The Approved header field indicates the mailing addresses (and > possibly the full names) of the persons or entities approving the > article for posting. Its principal uses are in moderated articles > and in group control messages; see [I-D.ietf-usefor-usepro]. Which certainly implies that an Approved header needs to contain an email address identifying the person responsible for posting/authorizing/whatever (which may well be the same as what is in the From/Sender, or it may be the 'role' which the From/Sender person claims to be fulfilling). But, either way, USEPRO needs to ensure that the Approved header contains what USEFOR says it is supposed to contain. You have covered this properly in section 3.8 in the case of moderators. All I am asking is that you cover it with similar wording in the case of group control messages. >The Netnews protocol currently does not deal with authorization at all (an >obvious flaw noted in Security Considerations). Any authorization >information you want to use has to be derived from the underlying >transport protocol or from unstandardized extensions such as digital >signatures. No, that is 'authentication'. But I have written about 'authorization' in another thread. >If you're referring to group control mesages, said identity is checked >against the *From or Sender* header field, not the Approved header, at >least in INN. INN ignores the contents of the Approved header. I don't >know if C News uses the contents of the Approved header field for control >message permissions, but my impression from having maintained control.ctl >for some years is that most everyone uses From/Sender. Yes, I have looked at CNews and I was wrong. It looks at the From (not even Sender AFAICS) and compares that with what it is configured to honour. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl Email: chl@clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
- Protocol changes in draft-allbery-usefor-usepro-00 Charles Lindsey
- Re: Protocol changes in draft-allbery-usefor-usep… Russ Allbery
- Re: Protocol changes in draft-allbery-usefor-usep… Russ Allbery
- Re: Protocol changes in draft-allbery-usefor-usep… Russ Allbery
- Injection-Date (Re: Protocol changes in draft-all… Harald Alvestrand
- Injection-Date and reinjection (was Protocol chan… Charles Lindsey
- Re: Protocol changes in draft-allbery-usefor-usep… Frank Ellermann
- Re: Protocol changes in draft-allbery-usefor-usep… Russ Allbery
- Re: Protocol changes in draft-allbery-usefor-usep… Frank Ellermann
- Re: Protocol changes in draft-allbery-usefor-usep… Forrest J. Cavalier III
- Message IDs and moderators (was: Protocol changes… Russ Allbery
- Re: Protocol changes in draft-allbery-usefor-usep… Forrest J. Cavalier III
- Re: Message IDs and moderators Forrest J. Cavalier III
- Re: Message IDs and moderators Russ Allbery
- Re: Protocol changes in draft-allbery-usefor-usep… Harald Alvestrand
- Re: Protocol changes in draft-allbery-usefor-usep… Frank Ellermann
- Re: Protocol changes in draft-allbery-usefor-usep… Frank Ellermann
- Re: Protocol changes in draft-allbery-usefor-usep… Charles Lindsey
- Re: Protocol changes in draft-allbery-usefor-usep… Charles Lindsey
- Re: Protocol changes in draft-allbery-usefor-usep… Charles Lindsey
- Re: Protocol changes in draft-allbery-usefor-usep… Charles Lindsey
- More Path notes (was: Protocol changes in draft-a… Russ Allbery
- Injecting agents and From (was: Re: Protocol chan… Russ Allbery
- Moderation fowarding wording for injecting agents… Russ Allbery
- Xref and relaying agents (was: Protocol changes i… Russ Allbery
- Serving agents and duplicates (was: Protocol chan… Russ Allbery
- Scope of application/* media types (was: Protocol… Russ Allbery
- Approved header field content (was: Protocol chan… Russ Allbery
- application/news-groupinfo in newgroup (was: Prot… Russ Allbery
- Re: Scope of application/* media types (was: Prot… Ned Freed
- Re: Injection-Date and reinjection Russ Allbery
- Re: More Path notes Frank Ellermann
- Re: More Path notes Russ Allbery
- Re: More Path notes (was: Protocol changes in dra… Charles Lindsey
- Re: More Path notes Russ Allbery
- Path case sensitivity (Re: More Path notes) Harald Alvestrand
- Re: Serving agents and duplicates (was: Protocol … Charles Lindsey
- Re: application/news-groupinfo in newgroup (was: … Charles Lindsey
- Re: Injecting agents and From (was: Re: Protocol … Charles Lindsey
- Re: Xref and relaying agents (was: Protocol chang… Charles Lindsey
- Re: Approved header field content (was: Protocol … Charles Lindsey
- Re: Scope of application/* media types (was: Prot… Charles Lindsey
- Re: Injecting agents and From Russ Allbery
- Re: Xref and relaying agents Russ Allbery
- Re: application/news-groupinfo in newgroup Russ Allbery
- Re: Scope of application/* media types Russ Allbery
- Re: Xref and relaying agents Harald Alvestrand
- Re: Injection-Date and reinjection Charles Lindsey
- Re: More Path notes Charles Lindsey
- Re: Injection-Date and reinjection Frank Ellermann
- Re: Serving agents and duplicates (was: Protocol … Charles Lindsey
- Re: Xref and relaying agents Charles Lindsey
- Re: Protocol changes in draft-allbery-usefor-usep… Charles Lindsey
- ISSUE: Injecting agents and From Charles Lindsey
- Re: ISSUE: Injecting agents and From Harald Alvestrand
- Re: Serving agents and duplicates Harald Alvestrand
- Re: Xref and relaying agents Harald Alvestrand
- Re: Xref and relaying agents Frank Ellermann
- Re: Serving agents and duplicates Russ Allbery
- Re: ISSUE: Injecting agents and From Charles Lindsey
- Re: Xref and relaying agents Charles Lindsey
- Re: Serving agents and duplicates Charles Lindsey
- Re: Serving agents and duplicates Russ Allbery
- Re: Xref and relaying agents Russ Allbery
- Re: Serving agents and duplicates Charles Lindsey
- Re: Serving agents and duplicates Russ Allbery
- Re: Xref and relaying agents Charles Lindsey
- Minor change: Xref wording (was: Xref and relayin… Russ Allbery
- Re: Minor change: Xref wording (was: Xref and rel… Seth Breidbart
- Re: Minor change: Xref wording Russ Allbery
- Re: Minor change: Xref wording Frank Ellermann
- Re: Minor change: Xref wording Seth Breidbart
- Re: Minor change: Xref wording Russ Allbery
- Re: Minor change: Xref wording Seth Breidbart
- Re: Minor change: Xref wording Frank Ellermann
- Re: Minor change: Xref wording Russ Allbery
- Re: Minor change: Xref wording Seth Breidbart
- Re: Minor change: Xref wording Russ Allbery
- Re: Minor change: Xref wording Charles Lindsey
- Re: Minor change: Xref wording (was: Xref and rel… Charles Lindsey
- Re: Serving agents and duplicates Charles Lindsey
- Re: Serving agents and duplicates Russ Allbery
- Re: Serving agents and duplicates Forrest J. Cavalier III
- Re: Minor change: Xref wording Frank Ellermann
- Re: Serving agents and duplicates Frank Ellermann
- Re: Serving agents and duplicates Forrest J. Cavalier III
- Re: Minor change: Xref wording Russ Allbery
- USEAGE (was: Serving agents and duplicates) Frank Ellermann
- Re: Serving agents and duplicates Harald Alvestrand
- Re: USEAGE Harald Alvestrand
- Re: Serving agents and duplicates Frank Ellermann
- Re: USEAGE Frank Ellermann
- Re: USEAGE Russ Allbery
- Re: Minor change: Xref wording Russ Allbery
- Re: USEAGE Richard Clayton
- Re: USEAGE Frank Ellermann
- Re: USEAGE Russ Allbery
- Re: Minor change: Xref wording Charles Lindsey
- Re: Serving agents and duplicates Charles Lindsey
- Re: USEAGE Charles Lindsey
- Re: Serving agents and duplicates Charles Lindsey
- Re: USEAGE Charles Lindsey
- Re: USEAGE (was: Serving agents and duplicates) Charles Lindsey
- Re: USEAGE Frank Ellermann
- Re: USEAGE Russ Allbery
- Re: Serving agents and duplicates Frank Ellermann
- Re: Injection-Date and reinjection Forrest J. Cavalier III
- Re: USEAGE Charles Lindsey
- Re: Injection-Date and reinjection Charles Lindsey
- Re: USEAGE Frank Ellermann
- Re: USEAGE Russ Allbery
- Re: Injection-Date and reinjection Russ Allbery
- #1416: USEPRO 3.9: Reinjection and Injection-Date… Russ Allbery
- Re: Injection-Date and reinjection Forrest J. Cavalier III
- Re: Injection-Date and reinjection Russ Allbery
- Re: Injection-Date and reinjection Forrest J. Cavalier III
- #1416: USEPRO 3.9: Reinjection and Injection-Date… Russ Allbery
- Re: #1416: USEPRO 3.9: Reinjection and Injection-… Forrest J. Cavalier III
- Re: #1416: USEPRO 3.9: Reinjection and Injection-… Forrest J. Cavalier III
- Re: Injection-Date and reinjection Charles Lindsey
- Re: Injection-Date and reinjection Charles Lindsey
- Re: Injection-Date and reinjection Charles Lindsey
- Re: Injection-Date and reinjection Forrest J. Cavalier III
- Re: Injection-Date and reinjection Charles Lindsey
- Re: Injection-Date and reinjection Forrest J. Cavalier III