Netnews Administration System (NAS)
draft-dfncis-netnews-admin-sys-07
Yes
No Objection
(Bill Fenner)
(David Kessens)
(Margaret Cullen)
(Russ Housley)
(Ted Hardie)
Abstain
Note: This ballot was opened for revision 07 and is now closed.
Scott Hollenbeck Former IESG member
Yes
Yes
(2004-06-24)
Unknown
The IESG notes the following editorial issues with the draft that should be addressed prior to publication: There is no copyright or IPR boilerplate as requested in earlier AD review. References need to be split into normative and informative groups. The ABNF rules response-code, Bits, User-ID, Keyblock, Finger, Version, Key-ID, and Location are referenced but never defined. These may actually be technical as well as editorial. There are also a number of technical issues with this specification: The IESG notes that protocol levels, or versions, are used to extend this protocol. Version numbers are quite inflexible -- each time additions are made to the protocol, a compliant server has to implement all those additions plus all previous additions made at lower numbers before it can claim to implement the new version. Additionally, version numbers don't provide any means of returning per-capability parameters or limits. This protocol uses client IP address information for authentication purposes. This echoes similar usage in NNTP. While this technique has been successful for NNTP in many situations over the years, it is not clear it is sufficient going forward. In particular, although IP address spoofing attacks are rare, widespread use of dynamic address assignment and NAT have reduced both the ability for servers to be properly configured with proper client address information as well as the ability of an IP address to uniquely identify a single client. This protocol uses PGP to sign data transferred from one NAS server to another. However, it isn't clear that all of the details of how to assign and validate PGP keys are sufficiently specified to ensure inoperability. Finally, various internationalization issues, e.g. internationalized newsgroup names, have yet to be addressed in Netnews. Although it is clearly inappropriate to deal with Netnews internationalization in this specification, the IESG notes that changes may be necessary in this protocol once these issues are addressed elsewhere.
Bert Wijnen Former IESG member
No Objection
No Objection
(2004-06-10)
Unknown
Uses IP addresses in example that are not inline with RFC3330, here is one of those incorrect examples (there are multiple): Example: <-- INFO --> 101 Information follows Server: nas.example.org (192.168.192.100) Uptime: 2 weeks, 3 days, 5 hours, 9 minutes Software: NAS 1.0 Client: client.example.org (192.168.0.200) Connection: 9 minutes Highest protocol level supported: 1 Requested protocol level: 1 Protocol level used: 1 . And there are exmples that do not follow rfc2606 for domain names in examples, here is one of them: Examples <-- HIER de --> 611 Data coming Name: de Status: Complete Serial: 20020823120306 Description: Internationale deutschsprachige Newsgruppen Netiquette: http://www.dana.de/de/netiquette.html FAQ: http://www.dana.de/de/neue-de-gruppe.html Ctl-Send-Adr: moderator@dana.de Ctl-Newsgroup: de.admin.news.announce Mod-Wildcard: %s@moderators.dana.de Language: DE Charset: ISO-8859-1 Encoding: text/plain Newsgroup-Type: Discussion Hier-Type: Global Comp-Length: 14 Date-Create: 19920106000000 I wonder if a reference likethis: [IANA-CS] IANA: Character Sets, ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets would not be betetr given as: [IANA-CS] IANA: Character Sets, http://www.iana.org/assignments/character-sets In fact, the first one tells you: The Character Sets Registry has moved to the following: http://www.iana.org/assignments/character-sets For all registries, please see the following: http://www.iana.org/numbers.htm Updated May 01 2001
Bill Fenner Former IESG member
No Objection
No Objection
()
Unknown
David Kessens Former IESG member
No Objection
No Objection
()
Unknown
Harald Alvestrand Former IESG member
No Objection
No Objection
(2004-06-03)
Unknown
The RFC Editor needs to make sure the technical issues are addressed somehow. If they are addressed well, the IESG note is not needed. Advice of the RFC Editor sought.
Margaret Cullen Former IESG member
No Objection
No Objection
()
Unknown
Russ Housley Former IESG member
No Objection
No Objection
()
Unknown
Ted Hardie Former IESG member
No Objection
No Objection
()
Unknown
Steven Bellovin Former IESG member
Abstain
Abstain
(2004-06-23)
Unknown
This document has numerous security issues, such address-based authentication, plaintext passwords with no cryptography, and inadequate specification of how to actually use PGP per this document. That said, it is an individual Experimental submission, so I won't block it.