Netnews Administration System (NAS)
RFC 4707

Note: This ballot was opened for revision 07 and is now closed.

(Scott Hollenbeck) Yes

Comment (2004-06-24 for -)
No email
send info
The IESG notes the following editorial issues with the draft that should
be addressed prior to publication:

There is no copyright or IPR boilerplate as requested in earlier AD review.

References need to be split into normative and informative groups.

The ABNF rules response-code, Bits, User-ID, Keyblock, Finger, Version,
Key-ID, and Location are referenced but never defined.  These may actually
be technical as well as editorial.

There are also a number of technical issues with this specification:

  The IESG notes that protocol levels, or versions, are used to extend this
  protocol. Version numbers are quite inflexible -- each time additions are
  made to the protocol, a compliant server has to implement all those
  additions plus all previous additions made at lower numbers before it
  can claim to implement the new version. Additionally, version numbers
  don't provide any means of returning per-capability parameters or limits.

  This protocol uses client IP address information for authentication
  purposes. This echoes similar usage in NNTP. While this technique
  has been successful for NNTP in many situations over the years, it
  is not clear it is sufficient going forward. In particular, although
  IP address spoofing attacks are rare, widespread use of dynamic
  address assignment and NAT have reduced both the ability for servers
  to be properly configured with proper client address information as
  well as the ability of an IP address to uniquely identify a single

  This protocol uses PGP to sign data transferred from one NAS server
  to another. However, it isn't clear that all of the details of
  how to assign and validate PGP keys are sufficiently specified to
  ensure inoperability.

  Finally, various internationalization issues, e.g.
  internationalized newsgroup names, have yet to be addressed in Netnews.
  Although it is clearly inappropriate to deal with Netnews 
  internationalization in this specification, the IESG notes that
  changes may be necessary in this protocol once these issues
  are addressed elsewhere.

(Harald Alvestrand) No Objection

Comment (2004-06-03 for -)
No email
send info
The RFC Editor needs to make sure the technical issues are addressed somehow. If they are addressed well, the IESG note is not needed. Advice of the RFC Editor sought.

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Russ Housley) No Objection

(David Kessens) No Objection

(Bert Wijnen) No Objection

Comment (2004-06-10 for -)
No email
send info
Uses IP addresses in example that are not inline with RFC3330, here is one
of those incorrect examples (there are multiple):


  <-- INFO
  --> 101 Information follows
      Server: (
      Uptime: 2 weeks, 3 days, 5 hours, 9 minutes
      Software: NAS 1.0
      Client: (
      Connection: 9 minutes
      Highest protocol level supported: 1
      Requested protocol level: 1
      Protocol level used: 1

And there are exmples that do not follow rfc2606 for domain names in examples,
here is one of them:


  <-- HIER de
  --> 611 Data coming
      Name: de
      Status: Complete
      Serial: 20020823120306
      Description: Internationale deutschsprachige Newsgruppen
      Language: DE
      Charset: ISO-8859-1
      Encoding: text/plain
      Newsgroup-Type: Discussion
      Hier-Type: Global
      Comp-Length: 14
      Date-Create: 19920106000000

I wonder if a reference likethis:

   [IANA-CS] IANA: Character Sets,

would not be betetr given as:

   [IANA-CS] IANA: Character Sets,

In fact, the first one tells you:
The Character Sets Registry has moved to the following:

For all registries, please see the following:

Updated May 01 2001

(Steven Bellovin) Abstain

Comment (2004-06-23 for -)
No email
send info
This document has numerous security issues, such address-based authentication, plaintext passwords with no cryptography, and inadequate specification of how to actually use PGP per this document.  That said, it is an individual Experimental submission, so I won't block it.