Re: [Asrg] Re: [OffTopic - NNTP]
2003-03-23 09:38:17
On Sunday, March 23, 2003, at 07:05 AM, mathew wrote:
You know that authentication via NNTP is possible, right?
Of course, managing that authentication is something else. A while
back, I was asked to investigate building a gateway between our
corporate mail server and our corporate usenet system. With some 1x,000
internal mailing lists, about 75% of them private and restricted and
most of those containing confidential data. We abandoned it after
realizing that managing the authentication of the system would require
a full time admin (the mail list side is effectively self-administered;
we found migrating that self-administration out to an NNTP extension
problematic. YMMV).
You also run into a huge problem with private data on NNTP -- once a
user authenticates to read it, they also have the ability to move it to
their server where you've lost control of it for authentication
purposes. This is also somewhat of a problem with e-mail, of course,
but a lesser one. there's a huge difference here in potential calamity
between someone forwarding email to his friends and someone attaching
to a private newsgroup on a corporate server with his personal NNTP
server and not realizing it's set up so that private newsgroup will
accidentally propogate into the main public NNTP feeds. The impact of a
leak via e-mail is almost always more restricted adn easier to resolve.
That shows one key problem with this idea: it assumes "mailing list" ==
"public discussion lists like this forum", and that's not true. Within
an organization, most mailing lists are private, which makes an NNTP
implementation difficult and security of the data problematic. Many of
those lists also extend outside of the organization, which makes them
impossible. and cross-organizational mail lists (on a simplistic level,
any mail list that has at least one subscriber that isn't part of your
mail server) you can't do it.
so a significant percentage of the mail lists that exist can't use the
solution. For those that possibly can, you create administrative and
security issues to deal with. Will your corporate info-sec folks
actually let you stuff corporate confidential data into private
newsgroups on a server that gateways to the outside world (for the rest
of usenet's groups)? I know mine would have a cow if that data got
anywhere near a machine that could be touched by the outside world. And
they should.
I agree with Damien Morton. Almost all mailing lists would be better
as newsgroups.
you think so. So far, I've seen 2 or 3 others on this list make the
same assertion.
That agrees with what I know from experience: back in 1998, I *did*
make all of my public mailling lists available via an NNTP interface.
While the main list server had a unique subscriber base of > 10,000 --
about a dozen used the NNTP interface.
The "pro-NNTP" people on this list seem to back up those kind of
numbers. A very small group of people strongly prefer NNTP over other
distribution technologies; they tend (based on my experience listening
to them try to convince me to do the NNTP thing again every few months)
to feel strongly it's the best thing since sliced bread; their overall
enthusiasm is quite high; their numbers are tiny. And for the most
part, they tend to be people who've been on the internet for a fairly
long time, and are somewhat set in their ways -- their habits trained
in a day when e-mail clients weren't as featured, and NNTP/Usenet was
more central to the internet experience.
If NNTP was the accepted way to do group discussions,
which it's not, for many good reasons.
you'd soon see yahoogroups and other discussion forum services
offering NNTP. (Not sure why they don't already.)
Because NNTP is a fading, mature protocol. authentication
administration is a pain. you might as well ask why we don't store
files on a gopher server any more, either. Most folks don't care, don't
want to use a separate client tool, and don't see any advantage to it,
and it doesn't really save bandwidth under most circumstances, and many
lists can't be wedged into the NNTP reality, so you create user
confusion because now two things that they think are the same are done
via different tools in different ways, and they don't understand why.
Since, because of the private list problem, you can't move all mail
lists off to NNTP anyway, it doesn't solve he problem, it just creates
complexity and confusion.
--
Chuq Von Rospach, Architech
chuqui(_at_)plaidworks(_dot_)com -- http://www.plaidworks.com/chuqui/blog/
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), (continued)
- RE: [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), Damien Morton
- [OffTopic - NNTP] RE: [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), Kee Hinckley
- [Asrg] Re: [OffTopic - NNTP], mathew
- Re: [Asrg] Re: [OffTopic - NNTP],
Chuq Von Rospach <=
- [Asrg] Re: [OffTopic - NNTP], Kee Hinckley
- Re: [Asrg] Re: [OffTopic - NNTP], Matt Sergeant
- Parameters for success? (was Re: [Asrg] Re: [OffTopic - NNTP], Chuq Von Rospach
- Re: Parameters for success? (was Re: [Asrg] Re: [OffTopic - NNTP], Justin Mason
- RE: [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), Steve Schear
- [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), Adam Back
- [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), Scott A Crosby
- Re: [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), Vernon Schryver
- Re: [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), Steve Schear
- Re: [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping), Vernon Schryver
|
|
|