Draft specification for future X-Trace header

Olaf Titz olaf at bigred.inka.de
Wed Jul 12 11:47:58 UTC 2000


> Under this model, you have one and only one set of tracing information,
> and you know that the tracing information is generated by an entity at
> least responsible enough that someone's been willing to peer with them
> rather than just offer them a reading connection.

"Responsible enough" means little in this context. Usually it just
means "found someone who is willing, usually in exchange for money, to
set up the connection". If the "responsible enough" party is not
responsible enough, the right place to complain (hopefully) is in the
Path header.

I see little difference to mail here. Especially I don't accept the
notion that POST is a trust barrier, because there is no provision
which makes a feed connection transitively trusted.

> The right way to do it is with POST, but when setting this up, you have to
> be careful to NEVER send back to your ISP's news server stuff you *got*
> from your ISP's news server or some other news server.  POST is suitable
> *only* for locally originating articles; as soon as you have multiple
> feeds or misconfigure something and start feeding back articles you got
> from your ISP, POST can potentially mean serious trouble.

Of course nobody _wants_ to feed back articles he got from one site.
My point is exactly that you can't _rely_ on everyone on earth to
configure his INN correctly. We really should avoid falling into the
same trap as the Fidonet people 15 years ago, don't we? In any
client/server setup done right it is the server's (more general:
receiving end's) responsibility to ensure consistency.

This may well mean that the server rejects postings it doesn't like.
I concede the SHOULD NOT is perhaps not appropriate, but there is a
reason for it.

What I do not want to encourage in any case is client-side munging of
outgoing articles to satisfy some overzealous server's dislike of POST
feeds. This has even been a topic of a HOWTO type manual for rpost,
specifically recommending stripping out the Message-ID in outgoing
articles. This has been responsible for several dupe floods in the
past. And likewise with a rule of "only one X-Trace header", clients
will strip out that header and lose valuable tracing information.

Accept POST feeds as the lesser evil in order to not break even more.

Olaf




More information about the inn-workers mailing list