Jonathan Grobe | 1 Sep 06:51 2000
Picon
Picon

Re: Injector-Info.01

So the obvious alternative is for this group to define several headers
instead, such as:
NNTP-Posting-Host
NNTP-Posting-Date
Complaints-To
Trace

Anyone prefer this approach?

Jonathan Grobe      Jonathan Grobe Books. Used & out-of-print books:
Search or browse subject catalogs: <http://showcase.netins.net/web/grobe>
For millions of used/out-of-print books try <http://www.abebooks.com>
<http://www.bibliofind.com> <http://www.bookavenue.com> 

On 31 Aug 2000, Russ Allbery wrote:
> 
> NNTP-Posting-Host is widely used in practice in spam filtering.  I'm still
> rather leery of a change that makes this huge of a change in existing
> practice.  NNTP-Posting-Host is more widely used than a lot of the headers
> that are in RFC 1036.
> 
> I don't have any real disagreements with the proposed new header on its
> own merits, but that part of things makes me nervous.

Russ Allbery | 1 Sep 07:19 2000
Picon

Re: Injector-Info.01

Jonathan Grobe <grobe <at> netins.net> writes:

> So the obvious alternative is for this group to define several headers
> instead, such as:

> NNTP-Posting-Host
> NNTP-Posting-Date
> Complaints-To
> Trace

> Anyone prefer this approach?

I see no real utility in standardizing NNTP-Posting-Date or Trace, at
least as separate headers.  They contain the same set of information.

Complaints-To is a weird case; all the rest of this information is
intended to be machine-parseable or readable by abuse desk staffers or
news administrators, but the original idea of Complaints-To was
specifically to direct complaints from people who know how to read headers
but not much more than that to the right place.  If that information is
mixed in with all the rest of the information, I'm not sure it will do any
good.

I think it's worth considering going with the current Injector-Info
proposal but without the complaints field, separately standardizing
Complaints-To, and also document NNTP-Posting-Host but deprecate it in
favor of Injector-Info.

--

-- 
Russ Allbery (rra <at> stanford.edu)             <http://www.eyrie.org/~eagle/>
(Continue reading)

Andrew Gierth | 1 Sep 08:05 2000
Picon
Picon

Re: Injector-Info.01

>>>>> "Charles" == Charles Lindsey <chl <at> clw.cs.man.ac.uk> writes:

 Charles>       posting-serial-parameter
 Charles>                           = [CFWS] "serial" [CFWS] "=" value

(picking this one out more or less at random)

Why the [CFWS] before (or after) the "=" on some but not all of these
parameters?

AFAICT the MIME spec does not allow whitespace around the = of a
parameter, and allowing comments there is a serious nuisance.

--

-- 
Andrew.

Clive D.W. Feather | 1 Sep 13:40 2000
Picon

Re: Injector-Info.01

Charles Lindsey said:
>       posting-host-value  = dot-atom /
>                             [ dot-atom ":" ]
>                               ( dotted-quad / ; see [RFC 820]
>                                 ipv6-numeric ) ; see [RFC 2373]

>         NOTE: It is commonly the case that this header identifies a
>         dial-up point-of-presence, in which case logging information may
>         need to be consulted to find the true origin of the article.

What about allowing further tokens after the address to allow the ISP to
include the relevant data right there ? So the following example:

>       Injector-Info: isp.net; posting-host=modem-15.pop.isp.net;
>          posting-date="965243133: Wed  2 Aug 2000 20:05:33 -0100 (BST)";
>          serial="news2.isp.net:2427"; complaints-to="abuse <at> isp.net"

would become:

       Injector-Info: isp.net; posting-host="modem-15.pop.isp.net myuser";
          posting-date="965243133: Wed  2 Aug 2000 20:05:33 -0100 (BST)";
          serial="news2.isp.net:2427"; complaints-to="abuse <at> isp.net"

to show that it was account "myuser", or:

       Injector-Info: isp.net; posting-host="modem-15.pop.isp.net 23401273";
          posting-date="965243133: Wed  2 Aug 2000 20:05:33 -0100 (BST)";
          serial="news2.isp.net:2427"; complaints-to="abuse <at> isp.net"

to give a Radius log entry number.
(Continue reading)

Charles Lindsey | 1 Sep 11:44 2000
Picon
Picon

Re: Injector-Info.01

In <ylitshuonu.fsf <at> windlord.stanford.edu> Russ Allbery <rra <at> stanford.edu> writes:

>NNTP-Posting-Host is widely used in practice in spam filtering.  I'm still
>rather leery of a change that makes this huge of a change in existing
>practice.  NNTP-Posting-Host is more widely used than a lot of the headers
>that are in RFC 1036.

>I don't have any real disagreements with the proposed new header on its
>own merits, but that part of things makes me nervous.

It's more or a replacement for X-Trace than for NNTP-Posting-Host. But
then X-Trace usually duplicates NNTP-Posting-Host, which is wasteful.

I expect people will tend to include NNTP-Posting-Host as well for some
time after the new header appears. The real question is whether or not the
format I have proposed for Injector-Info lends itself to scanning for
interesting things by filters. If so, then filters will soon be scanning
for it, and NNTP-Posting-Host (which was never documented) will fade away.

--

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email:     chl <at> clw.cs.man.ac.uk  Web:   http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9     Fingerprint: 73 6D C2 51 93 A0 01 E7  65 E8 64 7E 14 A4 AB A5

Russ Allbery | 1 Sep 22:19 2000
Picon

Re: Injector-Info.01

Charles Lindsey <chl <at> clw.cs.man.ac.uk> writes:

> I expect people will tend to include NNTP-Posting-Host as well for some
> time after the new header appears. The real question is whether or not
> the format I have proposed for Injector-Info lends itself to scanning
> for interesting things by filters. If so, then filters will soon be
> scanning for it, and NNTP-Posting-Host (which was never documented) will
> fade away.

The key factor for spam filters is that there needs to be some sort of
token that roughly corresponds to a "user" (it doesn't have to be
human-readable, but it does need to not change with every post and
preferrably identify one user or at least one dialup host), it needs to
always be called the same thing, and it needs to be easy to extract from
the line.

Right now, given the current draft, I'd do something like:

    ($user) = ($hdr{'Injector-Info'} =~ /\bposting-host=(\S+)/);

and just use the colon as part of the value since it doesn't change.  If
whitespace is allowed around the equal sign, that can be dealt with
although it's annoying.  Comments are right out.  If we're going to allow
spaces in posting-host, then it should *always* be quoted so that the
parse can be easy; sometimes quoted and sometimes not quoted is much more
annoying to deal with.

It may be worthwhile calling the field something more generic, like
"identity", and just recommending the posting host be used as the default
value in the absence of something better.
(Continue reading)

Erland Sommarskog | 2 Sep 20:55 2000
Picon
Picon

Re: Injector-Info.01

Charles Lindsey <chl <at> clw.cs.man.ac.uk> writes:
>    The Injector-Info header is added to an article by an injecting agent
>    in order to provide information as to how that article entered the
>    Netnews system and to assist in tracing its true origin. It is
>    intended to replace various currently-used but nowhere-documented
>    headers such as "NNTP-Posting-Host", "NNTP-Posting-Date" amd "X-
>    Trace".

As part of our Draft, this text is somewhat funny. Wouldn't it be more
appropriate to discuss X-Trace & co in a note?

NNTP-Posting-Host is so widespread and so much of a de facto-standard,
that it merits a section of its own, even if only to be deprecated.

I tend to agree with Russ that Complaints-To probably should be a
header of its own.
--
Erland Sommarskog, Stockholm, sommar <at> algonet.se

Erland Sommarskog | 2 Sep 21:03 2000
Picon
Picon

Re: ATTN: Dave Barr: Time to Finish up and Close List?

Charles Lindsey (chl <at> clw.cs.man.ac.uk) writes:
> >> 4. A.O.B.
>
>
> >This was so long time ago, that I even can't recall what A.O.B. stands
> >for.
>
> "Any Other Business"

C.O.W with other words, (Can of Worms).

Assuming that the idea of getting a standards-track RFC out relatively
soon (which I still guess would take a year if we start now), with
mainly existing practice and adding simple or essential new features,
I think we should try to identity all features that we have introduced
beyond existing practice, and as Jonathan Grobe suggested have some
sort of poll on them, item by item. When we have an outcome of the
poll, we should have a second poll which is basically yes or no to
the lot to confirm that the contents still is such that the idea of
a RFC half-way still is worthwhile. We would still then have to go
through the sections again and make a final brush-up of the language
and grammar.

The list of items that we vote on, could well include things that we
don't have in the draft yet.
--
Erland Sommarskog, Stockholm, sommar <at> algonet.se

Shmuel (Seymour J.) Metz | 3 Sep 02:24 2000
Picon

Re: Injector-Info.01

>Right now, given the current draft, I'd do something like:
>    ($user) = ($hdr{'Injector-Info'} =~ /\bposting-host=(\S+)/);

I don't recall; does the current draft say that it MUST NOT have two
Injector headers?

--
-----------------------------------------------------------
     Shmuel (Seymour J.) Metz, SysProg and JOAT
     Atid/2
     Team OS/2
     Team PL/I
-----------------------------------------------------------

Charles Lindsey | 4 Sep 11:34 2000
Picon
Picon

Re: Injector-Info.01

In <20000901124030.W39226 <at> demon.net> "Clive D.W. Feather" <clive <at> demon.net> writes:

>What about allowing further tokens after the address to allow the ISP to
>include the relevant data right there ? So the following example:

>>       Injector-Info: isp.net; posting-host=modem-15.pop.isp.net;
>>          posting-date="965243133: Wed  2 Aug 2000 20:05:33 -0100 (BST)";
>>          serial="news2.isp.net:2427"; complaints-to="abuse <at> isp.net"

>would become:

>       Injector-Info: isp.net; posting-host="modem-15.pop.isp.net myuser";
>          posting-date="965243133: Wed  2 Aug 2000 20:05:33 -0100 (BST)";
>          serial="news2.isp.net:2427"; complaints-to="abuse <at> isp.net"

>to show that it was account "myuser", or:

My intention was that sort of stuff should go in the "serial" parameter,
so that the parsing of 'posting-date' would not get confused by extraneous
stuff. Generally, I reckon is is better to have a largish number of
parameters, each with a recognisable and parsable syntax to do one
specific job.

Agreed that my "serial" parameter has a very loose syntax. I did toy with
the idea of having a "server" parameter. The "sender" parameter was
supposed to identify the user, but maybe a "user" parameter is also
needed. One can expect many ISPs to add their own x-parameters, but we
should try any provide sufficient well-chosen ones to make this mostly
unnecessary.

(Continue reading)


Gmane