ietf-nntp Review of draft-dfncis-netnews-admin-sys-04.txt

Russ Allbery rra at stanford.edu
Mon Apr 29 12:04:52 PDT 2002 

ned <ned+ietf-nntp at innosoft.com> writes:

> The draft listed above has been submitted to the RFC Editor for
> publication. It is customary for the IESG to ask WGs in areas related to
> such individual submissions to review them. NNTPEXT seems like the right
> group to me to do such a review, so please have a look and tell me
> (either on the NNTPEXT list or privately) what you think.

I'd previously reviewed this protocol somewhat privately.  I think it
would be workable, but I have the following general concerns:

 * Most of the information that sites are currently tracking about news
   hierarchies is available via the NNTP protocol itself with LIST
   ACTIVE and LIST NEWSGROUPS.  There already exists software to connect
   to any number of servers via NNTP and use those commands to build a
   newsgroup list and merge it into the local newsgroup list.  It seems
   kind of unfortunate to design a whole new protocol to do this, although
   if anyone actually starts using all that additional information
   provided for in this draft, it could be useful.

 * I'd really like to see the packets of information about a hierarchy
   registered as a MIME type.  I don't think that would be much additional
   work for this draft, and then those packets could also be included in
   control messages.

 * The section on PGP keys (6.7) I think should be reviewed by someone who
   is familiar with PGP interoperability and standardization issues.  I
   think some of the information being provided is underspecified and
   worthless (the PGP version number, for example) and that other things
   should be specified and aren't (like the key algorithm or the packet
   format version).  It looks like the basics originally came from the
   pgpverify work, and that's one of the open problems with the format of
   the headers produced by pgpverify (not enough information, and the
   information included isn't all that useful).  Similarly, the PGP type
   parameter to GETP and GETA is using PGP2, PGP5, and GPG as types of
   signatures and it would probably be better to use standard OpenPGP
   version numbers with some special designated version number for old PGP
   2.6.x-compatible signatures (since GnuPG signatures are interoperable
   with current versions of PGP now, and are properly termed OpenPGP v4
   signatures).

 * The protocol version number approach that they're taking is an
   interesting one, but I think it may be less flexible than the approach
   used by most other protocols, which is to provide a base protocol and
   then some method of querying the server for extensions.  One can
   simulate the former with the latter, and the latter also allows for
   more degrees of freedom.  Not sure if it's important enough to ask them
   to change it or not.

 * I dislike the way that data about individual groups in GETP and GETA
   are, in effect, delimited by a Name: header.  That requires additional
   code to figure out when data for one group ends and another starts and
   is unnecessarily hard to read.  Requiring a blank line between data for
   groups would be a simple change and make coding this easier.

 * The DATA example implies that RFC 2822-style header continuation is
   allowed in the key-value pairs, but that doesn't appear to be allowed
   by the ABNF.

 * Minor nit:  There is no discussion of how long each line in a multiline
   response can be.  If the intent is for it to be unlimited, that should
   probably be stated explicitly.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the ietf-nntp mailing list