[NNTP] STREAMING diffs (take 2)
Russ Allbery
rra at stanford.edu
Tue Jun 14 16:21:56 PDT 2005
Ken Murchison <ken at oceana.com> writes:
> Russ Allbery wrote:
>> Okay, it seems like we do have consensus on making no changes to the
>> security section, and the only question is over whether or not to add
>> additional documentation on the use of deferrals and a pre-commit
>> cache.
> Are we certain that we don't need/want to discuss TAKETHIS in the
> security section? I'm not pushing hard for it, I just don't want to
> skip it if we feel its justified. Of course a malicious client could
> abuse the server in the same fashion with POST or IHAVE and just not
> wait for the initial response, so maybe TAKETHIS isn't all that unique.
I don't think we need to say anything. All we'd end up saying is "only
make this service available to authenticated clients if you're worried
about abuse," which is something that could equally be said about any NNTP
command.
That is, at least, my current feeling for the group consensus.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list