ietf-nntp BCP for RFC977 server/RFC1036 interaction

William H. Magill magill at isc.upenn.edu
Thu Dec 19 06:05:42 PST 1996


>   The intention was that IHAVE would only be used by news neighbors, never
>   by clients.  The headers in an article arriving by IHAVE would not be
>   tampered with except to prefix the Path line.
>
This may be a comment based on ignorance on my part (being an interested
and effected party, not an expert), but it is my understanding that there is
no protocol distinction between client adjacent-server.  

That is to say, nothing defines a session as being between two peers and
therefore limited to command set A; or between a server and a prospective
or legitimate client and therefore limited to command set B.

Or, put another way, nothing prevents a client from issuing server commands
and vice versa.

And that this lack provides one of the easiest mechanisms for article
forgery.

T.T.F.N.
William H. Magill                          Senior Systems Administrator
Information Services and Computing (ISC)   University of Pennsylvania
Internet: magill at isc.upenn.edu             magill at acm.org
          magill at upenn.edu                 http://pobox.upenn.edu/~magill/



More information about the ietf-nntp mailing list