Discussion about Cancel-Lock support
Julien ÉLIE
julien at trigofacile.com
Thu Jan 6 18:18:39 UTC 2022
Hi Russ,
> It may be worth considering getting rid of verifycancels while
> we're at it to reduce some complexity, since the check it enables is
> essentially meaningless and RFC 5537 actively recommends against this.
> Cancel-Lock support is the correct approach to achieve the same ends
> (although of course most people don't generate Cancel-Lock headers).
Having a look at innd's code to implement Cancel-Lock verification, I
came into that verifycancels stuff.
It verifies that at least one newsgroup in the cancel message is present
in the article to be cancelled. Isn't it a check that should be kept?
It is not done by default.
RFC 5537 indicates that:
To best ensure that it will be relayed to the same news servers as
the original message, a cancel control message SHOULD have the same
Newsgroups header field as the message it is cancelling.
So maybe the change to do is to only do the check in nnrpd (at injection
time) and not do it when relaying?
The verifycancels option would then apply only at injection time, and
should be enabled by default. (Another possibility is to force it in
nnrpd without configurable option.)
What RFC 5537 actively recommends against is that From and Sender header
fields match, which is a check that was removed in INN 2.5.1 from innd.
Incidentally, I suggest removing that check everywehre in INN (I see
that inews still does it).
--
Julien ÉLIE
« J'oubliais qu'Assurancetourix a une nouvelle corde à sa harpe ! »
(Astérix)
More information about the inn-workers
mailing list