[NNTP] Re: MODE READER
Mark Crispin
mrc at CAC.Washington.EDU
Thu Nov 4 13:03:54 PST 2004
On Thu, 4 Nov 2004, Andrew - Supernews wrote:
> Mark> Even if I had an answer for this question, it is irrelevant for
> Mark> the discussion at hand.
> It's relevent, but the reasons for that may not become clear unless you
> answer the question.
I know, you're going to give me the "TLS is too expensive" argument.
The fallacy is that this assumes current conditions. When engineering a
protocol, we must consider the conditions of the future.
> Mark> If a facility's lack of security is used to enable a major
> Mark> attack, the number of megabits/second without security ceases
> Mark> to be relevant. The facility will do what is necessary to
> Mark> ameliorate the attack.
> I don't think you really understand the threat model that applies to
> much of the common usage of NNTP.
The phrase "much of the common usage" is quite a prevarication.
Threats occur from many sources. DDOS is a threat, but so are session
hijacking and IP address spoofing.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
More information about the ietf-nntp
mailing list