[NNTP] STREAMING diffs (take 2)
Jeffrey M. Vinocur
jeff at litech.org
Mon Jun 13 15:45:13 PDT 2005
On Jun 13, 2005, at 2:27 PM, Ken Murchison wrote:
> Russ Allbery wrote:
>
>> Same here. I don't understand. Surely the use of deferrals and the
>> interaction between CHECK and TAKETHIS are protocol issues?
>
> The vulnerability that we're discussing isn't inherent in the design
> of the CHECK command. It's only present in server implementations
> which choose to "lock" a particular message-id that they receive from a
> CHECK command. You can certainly write a server which isn't subject
> to this attack.

I agree with Russ. The concept of "locking" is inherent in the
protocol; what is the purpose of the 431 response otherwise?
--
Jeffrey M. Vinocur
jeff at litech.org