ietf-nntp Clarification of DNS issues in the security section
Russ Allbery
rra at stanford.edu
Sun Jul 8 05:57:56 PDT 2001
The current order of presentation in the security section makes 14.3
rather mysterious to someone reading the draft without prior knowledge
about how NNTP implementations commonly work. It starts:
Clients and Servers using NNTP rely heavily on the Domain Name
Service, and are thus generally prone to security attacks based on the
deliberate misassociation of IP addresses and DNS names. Clients and
Servers need to be cautious in assuming the continuing validity of an
IP number/DNS name association.
which assumes a bunch of knowledge about how NNTP is normally
authenticated (not mentioned in the draft apart from section 14.4, which
follows this section).
I propose moving section 14.4, which deals with the lack of authentication
in NNTP and mentions that DNS is used instead, to section 14.3 and making
the current 14.3 14.4 instead, and then replacing the current opening
paragraph with:
Many existing NNTP implementations authorize incoming connections by
checking the IP address of that connection against the IP addresses
obtained via DNS lookups of lists of domain names given in local
configuration files. Servers that use this type of authentication,
and clients that find a server by doing a DNS lookup of the server
name, rely very heavily on the Domain Name Service, and are thus
generally prone to security attacks based on the deliberate
misassociation of IP addresses and DNS names. Clients and servers
need to be cautious in assuming the continuing validity of an IP
number/DNS name association.
That clarifies better why DNS is significant to the NNTP protocol, and
makes it clearer that if one is using some other authentiation mechanism
there's less need to worry about DNS.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list