[NNTP] STREAMING diffs (take 2)

[Russ Allbery]

Ade Lovett <ade at lovett.com> writes:

> Not quite.

> I am against this text *in isolation* since it would be the only part of
> the document that deals specifically with how to handle protocol abuse,
> particularly as it is part of a capability that would, in current
> practice, be available only to otherwise trusted clients who could do
> significantly more damage much more easily.

So, the whole reason why I wrote the text this morning is that, thinking
about it, I felt like there was an issue regarding pre-commit caches that
most everyone implements, that's necessary to avoid duplicate articles in
practice, but that the document doesn't talk about.  That's not actually
just a question of abuse, although it happens to also help with one
particular abuse case.  So I think we're talking about multiple things
here.

One question is do we want to say something in the protocol description
about pre-commit caching, or do we want to leave that to a followup BCP?

The other question is whether we need to say something in security
considerations.  I don't think we want to describe pre-commit caching in
the security considerations section, since it's really not a security
issue precisely.

Ken's text captures the security bits quite well, but doesn't really talk
about the protocol bit (understandably, since he didn't feel like it was
properly part of the protocol).  I'm now somewhat confused as to who
thinks we should talk about the pre-commit cache and who thinks we should
talk about the abuse prevention issues.

Could folks weigh in on what they think about both?  Apparently it wasn't
as clear-cut as I'd thought; I thought I was the only one who was seeing
much utility in either and that other people were just going along but not
feeling strongly about it, but maybe that's not the case.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>