ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] NNTP IS Pull, deal with it

2003-04-26 16:12:09
from [Hallam-Baker, Phillip] [Permanent Link] 
Vernon,

        I implemented the NNTP protocols for my web browser. Don't try to
pull the authority crap.

        I think it is very clear what your game is here.

                Phill


-----Original Message-----
From: Vernon Schryver [mailto:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com]
Sent: Saturday, April 26, 2003 7:07 PM
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] NNTP IS Pull, deal with it


It occurred to me that just pointing out the obvious that 
netnews is no
more of a "pull" protocol than Internet mail isn't sufficient 
for those
who don't read RFCs or C and don't configure or run SMTP or 
NNTP servers.


RFC 977 describes the important part of NNTP.  Messages can be moved
from an NNTP server to an NNTP client using two different mechanisms.
One is "an interactive mechanism" based on the NEWNEWS and ARTICLE
commands.  The NEWNEWS command causes the server to send a list of
articles and the ARTICLE command requests that the server 
send individual
articles.  In a sense that is inconsistent with the way the word has
been used in this mailing list, this is a "pull" protocol.  It is
inconsistent because no authenticating, checking, or filtering is done
other than by article-ID before the entire article is transferred.
The NEWNEWS comamnd produces only a list of article-IDs and 
the ARTICLE
command tells the server to emit an article by its ID.  The NEWNEWS
and ARTICLE commands can be used to move articles among servers, but
as far as I can tell, generally are not.

News is more commonly moved among servers using the IHAVE command.
A news system accumulates lists of file names containing articles that
need to be sent to its peers.  When there are enough articles 
or enough
time has passed, the NNTP client contacts a peer NNTP server and uses
the IHAVE command very much like an SMTP envelope to offer an article.
The NNTP server either rejects the article with 435/436/437 much as
an SMTP server says 4yz or 5yz to the SMTP envelope or the 
NNTP responds
by saying 335/235 much as an SMTP server responsds to an SMTP envelope
with "250 ok."

Never mind elaborations and optimizations such as SMTP ETRN and
persistent/"cached" SMTP or NNTP connections. 

Also skip kludges and hacks in such as "slurp" where an NNTP host
pretends to be a newsreading program to move bulk news.  These are
commonly used to violate terms of service that allow news reading and
posting by humans but not news serving by computers or to avoid the
greater hassles and security worries of configuring an NNTP peering.

Please do note that SMTP pipelining makes SMTP look even more
like NNTP IHAVE/sendme running at speed.

It is a relevant educational exercise to imagine how one might control
netnews spam given the nature of the overall system, and then to see
what tactics are now working and what never worked or stopped working.
(I do not intend to suggest that the effective netnews spam defenses
are directly applicable to email spam.)


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] NNTP IS Pull, deal with it, Vernon Schryver
Next by Date:  Re: [Asrg] The spammers strike back, Vernon Schryver
Previous by Thread:  Re: [Asrg] NNTP IS Pull, deal with it, mathew
Next by Thread:  RE: [Asrg] NNTP IS Pull, deal with it, Vernon Schryver
Indexes:  [Date] [Thread] [Top] [All Lists]