IETF Logo Mail Archive

Approved header field content (was: Protocol changes in draft-allbery-usefor-usepro-00)

Russ Allbery <rra@stanford.edu> Fri, 29 December 2006 22:17 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H0Q30-0005rw-AL for usefor-archive@lists.ietf.org; Fri, 29 Dec 2006 17:17:54 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H0Q2w-0003PD-GD for usefor-archive@lists.ietf.org; Fri, 29 Dec 2006 17:17:54 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id kBTME2kx077609; Fri, 29 Dec 2006 15:14:02 -0700 (MST) (envelope-from owner-ietf-usefor@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id kBTME2uT077608; Fri, 29 Dec 2006 15:14:02 -0700 (MST) (envelope-from owner-ietf-usefor@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-usefor@mail.imc.org using -f
Received: from smtp3.stanford.edu (smtp3.Stanford.EDU [171.67.20.26]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id kBTME10q077600 for <ietf-usefor@imc.org>; Fri, 29 Dec 2006 15:14:01 -0700 (MST) (envelope-from rra@stanford.edu)
Received: from smtp3.stanford.edu (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 495B24C0CB for <ietf-usefor@imc.org>; Fri, 29 Dec 2006 14:14:01 -0800 (PST)
Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.64.19.147]) by smtp3.stanford.edu (Postfix) with ESMTP id 1C48D4BE07 for <ietf-usefor@imc.org>; Fri, 29 Dec 2006 14:14:01 -0800 (PST)
Received: by windlord.stanford.edu (Postfix, from userid 1000) id 00A36E7C46; Fri, 29 Dec 2006 14:14:00 -0800 (PST)
From: Russ Allbery <rra@stanford.edu>
To: ietf-usefor@imc.org
Subject: Approved header field content (was: Protocol changes in draft-allbery-usefor-usepro-00)
In-Reply-To: <JAHJs5.FHC@clerew.man.ac.uk> (Charles Lindsey's message of "Mon, 18 Dec 2006 20:04:53 GMT")
Organization: The Eyrie
References: <JA8C4p.Anu@clerew.man.ac.uk> <873b7i9b2m.fsf@windlord.stanford.edu> <JAHJs5.FHC@clerew.man.ac.uk>
Date: Fri, 29 Dec 2006 14:14:00 -0800
Message-ID: <873b6ygxjr.fsf_-_@windlord.stanford.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.19 (linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ietf-usefor@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-usefor/mail-archive/>
List-Unsubscribe: <mailto:ietf-usefor-request@imc.org?body=unsubscribe>
List-ID: <ietf-usefor.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0

Charles Lindsey <chl@clerew.man.ac.uk> writes:
> Russ Allbery <rra@stanford.edu> writes:
>> Charles Lindsey <chl@clerew.man.ac.uk> writes:

>>> 30. [-1] (5.2) Nothing said about content of Approved header.

>>> Surely, it SHOULD identify the person/identity/role of the issuer, ...

>> Intentional change.

>> The content of the Approved header serves no protocol purpose, and
>> USEFOR already adequately covers the definition of its content.
>> Control message authorization is done on the basis of the Sender or
>> From header (preferrably in combination with a digital signature).

> It asserts that this is an "authorized" message (just what "authorized"
> means is a separate issue which I shall raise later).

The description in USEFOR is:

   The Approved header field indicates the mailing addresses (and
   possibly the full names) of the persons or entities approving the
   article for posting.  Its principal uses are in moderated articles
   and in group control messages; see [I-D.ietf-usefor-usepro].

The Netnews protocol currently does not deal with authorization at all (an
obvious flaw noted in Security Considerations).  Any authorization
information you want to use has to be derived from the underlying
transport protocol or from unstandardized extensions such as digital
signatures.

> As such, it is pretty pointless unless it identifies the entity that is
> authorized, and all news servers that I know of can be configured with
> the identity that is to be recognized for each hierarchy.

If you're referring to group control mesages, said identity is checked
against the *From or Sender* header field, not the Approved header, at
least in INN.  INN ignores the contents of the Approved header.  I don't
know if C News uses the contents of the Approved header field for control
message permissions, but my impression from having maintained control.ctl
for some years is that most everyone uses From/Sender.

> Of course, it really needs to be digitally signed to make it effective,
> but that again is a separate issue.

> I think the WG early on took the view that the Approved header would
> simply fall into disrepute if one could always get away with
>    Approved: kibo
> and that it therefore needed some firmer language (digitally signed in due
> course). I remain of that view.

We can add firmer language when there's some meaning to the contents, such
as when digital signatures are added.  Right now, placing any stricter
requirements would contradict existing practice and be pointless since
there's no possible protocol check on the contents of Approved.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

v2.23.0 | Report a Bug | By Email