ietf-nntp BCP for RFC977 server/RFC1036 interaction

[der Mouse]

>> If you insist on only "guaranteed" (for some random definition)
>> identity information being included, you probably might as well not
>> bother defining the header, because it will be used so rarely as to
>> be useless.

> And from my viewpoint, if you don't trust the information you get
> then it is a mistake to put it out.

This is a point of view with which I strongly disagree. :-)

Speaking as a putative news admin, I would insert n-p-h (or moral
equivalent) so I know where I got the article from; I would insert
n-p-u (or ditto) for the same reason I save pidentd information in mail
Received: headers or tcp-wrappers logs: I don't know how trustworthy it
is, but if I have occasion to push a complaint back to that host, I
have no excuse for not providing information that is presumably
provided to me because the remote host wants to be able to get it back.

Personally, I would also insert another header, called something like
NNTP-Posting-Server-Signature: with a signature that covers those
aspects of the article that shouldn't change (certainly n-p-h and
n-p-u) as protection against forged complaints to me.  This doesn't
need to be a signature in the public-key sense; after all, it doesn't
have to be publicly checkable.

> Philosophical difference we're unlikely to resolve until you admit
> I'm right. :)

No no no, you've got it all backward.  _You_ need to admit _I_'m right.

:-)

					der Mouse

			       mouse at rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B