[NNTP] Fwd: Gen-art review of draft-ietf-nntpext-streaming-05
Charles Lindsey
chl at clerew.man.ac.uk
Fri Jun 10 08:20:54 PDT 2005
In <42A81C48.5030109 at dial.pipex.com> Elwyn Davies <elwynd at dial.pipex.com> writes:
>The sort of thing I was thinking of was sending streams of CHECKs for
>articles and never sending TAKETHIS, or asking about or sending the
>same article repeatedly, or sending a stream of CHECKs for the same
>article that the malicious client knows the server has already.
I think the whole point of the STREAMING extension is that it is intended
to be used between peers who have agreed to it beforehand. Thus a random
outsider, even if he knows how to authenticate to that server, is unlikely
to find the STREAMING capability open to him. Thus malicious clients can
be largely discounted.
Plain broken clients are another matter, but a server administrator who
finds himself in that situation will simply dis-authorize that client
until it gets its system fixed.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-nntp
mailing list