ietf-nntp Clarification of DNS issues in the security section

[Russ Allbery]

The current order of presentation in the security section makes 14.3
rather mysterious to someone reading the draft without prior knowledge
about how NNTP implementations commonly work.  It starts:

    Clients and Servers using NNTP rely heavily on the Domain Name
    Service, and are thus generally prone to security attacks based on the
    deliberate misassociation of IP addresses and DNS names.  Clients and
    Servers need to be cautious in assuming the continuing validity of an
    IP number/DNS name association.

which assumes a bunch of knowledge about how NNTP is normally
authenticated (not mentioned in the draft apart from section 14.4, which
follows this section).

I propose moving section 14.4, which deals with the lack of authentication
in NNTP and mentions that DNS is used instead, to section 14.3 and making
the current 14.3 14.4 instead, and then replacing the current opening
paragraph with:

    Many existing NNTP implementations authorize incoming connections by
    checking the IP address of that connection against the IP addresses
    obtained via DNS lookups of lists of domain names given in local
    configuration files.  Servers that use this type of authentication,
    and clients that find a server by doing a DNS lookup of the server
    name, rely very heavily on the Domain Name Service, and are thus
    generally prone to security attacks based on the deliberate
    misassociation of IP addresses and DNS names.  Clients and servers
    need to be cautious in assuming the continuing validity of an IP
    number/DNS name association.

That clarifies better why DNS is significant to the NNTP protocol, and
makes it clearer that if one is using some other authentiation mechanism
there's less need to worry about DNS.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>