ietf-nntp BCP for RFC977 server/RFC1036 interaction
Kenneth Herron
kherron at campus.mci.net
Fri Mar 28 19:57:48 PST 1997
>>Can I suggest "FQDN and IP address" ?
>
>Yuck. Hosts should do forward/backware IP/name lookups to verify
>
>Put the one you can "trust" there.
Hmm, that would almost mandate that the one be the IP address. After
all, we're talking about an authentication aid here; the bad guy could
change his DNS, make his post, and change it back, for example.
Considering readability, trustworthiness, and current practice, I'd lean
toward
NNTP-Posting-Host: hostname ([IP])
as at least a recognized--dare I say recommended?--form. (I'd probably
also have put the authenticated user name in there too somewhere,
instead of making a whole 'nother header for it.)
More information about the ietf-nntp
mailing list