ietf-nntp new Draft available
Stan O. Barber
sob at verio.net
Mon Nov 8 13:34:57 PST 1999
Andrew Gierth wrote:
> OK, I went and looked at the HTTP stuff to see where they were coming
> from.
>
> It seems to me that they are more concerned about DNS from the
> perspective of the client looking up the server's address; which is
> much less interesting from an NNTP perspective.
>
> The problem for NNTP is precisely the reverse. While it is possible
> (indeed generally preferable for reader clients) to do access control
> by IP address alone rather than by DNS name, it is nevertheless the
> case that most deployed server software has the option to do access
> control by hostname. Furthermore, at least three widely-used server
> implementations (including the original reference implementation) have
> been found to be vulnerable to abuse if an attacker with control over
> his reverse DNS is able to guess at a hostname which has access to the
> server.
I think they are concerned about both client and server.
>
> Stan> Okay. So your argument is effectively that this description
> Stan> does not explicitly point out this specific "spoof"? Providing
> Stan> specific text would make this all much clearer to me.
>
> How about something along these lines:
>
> Server implementors should bear in mind that the owner of an IP
> address may be able to supply any arbitrary string as the result
> of a reverse lookup (in-addr.arpa.) query on that IP address.
> Accordingly, the result of such lookups should never be used for
> access control, logging, or any other purpose without first
> confirming that a forward lookup on the name resolves back to
> the same IP address.
>
> Logging and accountability information should use the IP address
> in preference to, or in addition to, the reverse DNS data.
>
> An additional reference is the LINX BCP on traceability, which
> can be found at http://www.linx.net/noncore/bcp/traceability-bcp.html
Thanks. This makes it much easier to make the draft clearer.
>
> >> It is also a fact that simple errors in reverse DNS have, in the
> >> past, caused articles to be incorrectly traced and users to be
> >> wrongfully accused of abuses.
>
> Stan> Tracing information is part of the content of the articles, not
> Stan> part of the protocol spec. This type of comment may belong in
> Stan> the USEFOR spec, not here.
>
> Tracing information is also part of server logs; indeed there is
> significant resistance in USEFOR to adding trace information to
> articles that should more properly be handled on the originating
> server alone.
>
> As you've already introduced the issue of traceability in 14.1,
> I don't see any reason to exclude the DNS issue from this draft.
Your opinion is noted. Let's see what others have to say.
I have no comments on the rest of your note other than to request that you take
a more civil tone in future email.
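The forward-confirmation check proposed in the quoted text above, written out as an added example; it is not code from the draft or from any of the server implementations mentioned. The function names (`fcrdns_name`, `host_allowed`, `log_line`) and the zone records are constructed for the example, and the two lookups are injected so it runs offline; a real deployment would wrap the resolver instead.

```python
import ipaddress
from typing import Callable, Iterable, Optional

# Injectable lookups (hypothetical interface for this example). In production
# these would wrap the system resolver or a DNS library; here they read from
# constructed records so the check can be exercised without network access.
PtrLookup = Callable[[str], Optional[str]]        # IP -> reverse name or None
ForwardLookup = Callable[[str], Iterable[str]]    # name -> addresses


def fcrdns_name(ip: str, ptr: PtrLookup, fwd: ForwardLookup) -> Optional[str]:
    """Return the reverse name for `ip` only if the forward lookup confirms it.

    The PTR answer is controlled by whoever runs the in-addr.arpa zone for
    the address, so it is untrusted until an A/AAAA lookup of that name
    contains the original address.
    """
    addr = ipaddress.ip_address(ip)      # reject malformed input up front
    name = ptr(str(addr))
    if not name:
        return None
    try:
        forward = {ipaddress.ip_address(a) for a in fwd(name)}
    except (ValueError, OSError):
        return None                      # name did not resolve cleanly
    return name if addr in forward else None


def host_allowed(ip, allowed: set, ptr: PtrLookup, fwd: ForwardLookup) -> bool:
    """Hostname-based access control that honours only a confirmed name."""
    name = fcrdns_name(ip, ptr, fwd)
    return name is not None and name.lower().rstrip(".") in allowed


def log_line(ip: str, ptr: PtrLookup, fwd: ForwardLookup) -> str:
    """Accountability record: always the IP, the reverse name only if confirmed."""
    name = fcrdns_name(ip, ptr, fwd)
    return f"peer={ip} rdns={name or '-'}"


# Constructed sample zone data (documentation ranges, not real hosts). The
# owner of 192.0.2.55 has pointed its PTR at a name that belongs to another host.
PTR_RECORDS = {"198.51.100.10": "reader.example.net.",
               "192.0.2.55": "reader.example.net."}
A_RECORDS = {"reader.example.net.": ["198.51.100.10"]}


def sample_ptr(ip: str) -> Optional[str]:
    return PTR_RECORDS.get(ip)


def sample_fwd(name: str) -> list:
    return A_RECORDS.get(name, [])
```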