ietf-nntp Draft 20 pre-release 2

Clive D.W. Feather clive at demon.net
Fri Oct 10 08:22:42 PDT 2003


Rob Siemborski said:
>> I don't understand your vehemence here. We agreed a month or so back that
>> security issues were different and caching had to be thought through
>> carefully in that respect.
> As Russ noted, I wasn't a part of those discussions.

Okay, I thought it was said you were lurking.

> My vehimence is because I suspect that the current text is open to wild
> misinterpretation.  I suspect even if you fix it for "some caching is
> okay and some cachinmg is never ok" it will still be likely to be confused
> in dangerous ways.

Do you still feel that way about the pre-3 text?

I don't think we can just not mention caching at all. And once we've
mentioned it at all, we should be comprehensive. If we just say "do not
cache security information" that implies it's safe to cache anything else.

I gave three points which I felt described the consensus view. Do you
agree or disagree with them? Here they are again:

* Some people want caching of common capabilities while others see it as a
waste of time. Therefore a client MAY cache.

* Servers make absolutely no guarantees. Therefore you MUST NOT rely on the
cached information; you can only use it to drive heuristics.

* Security is a whole different kettle of fish. It's a really really bad
idea to cache knowledge about security capabilities rather than checking
each time. This is, at least, a SHOULD NOT matter if not a MUST NOT matter.

>>     [C] LIST EXTENSIONS MOREINFO
[...]
> Is this optimization really worth this much additional complexity?

I don't know. It didn't look to me as being a big deal to add.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | *** NOTE CHANGE ***
Demon Internet      | WWW: http://www.davros.org | Fax:    +44 870 051 9937
Thus plc            |                            | Mobile: +44 7973 377646



More information about the ietf-nntp mailing list