Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!olivea!mintaka!think.com!hsdndev!bbn.com!papaya.bbn.com!rsalz
From: rsalz@bbn.com (Rich Salz)
Newsgroups: news.software.b
Subject: How to handle article cancellations?
Message-ID: <3258@litchi.bbn.com>
Date: 6 Feb 91 16:20:11 GMT
Organization: BBN Systems and Technology, Inc.
Lines: 26

What verification should be done on cancel messages?

C-news does no checking.  Geoff says that since you can't securely validate, you
shouldn't provide the illusion that you can, so you can cancel the article.

B news and the RFC both say that you should check the sender (or from if sender is
blank) and make sure that the cancel message matches the article being cancelled.

The C-news method leaves people a little uneasy.  It's biggest advantage is that
it lets the cancel message arrive before the article does.

The B news method follows the standard.  However, it not only shouldn't process
cancels that arrive first, it shouldn't pass them along.  It should also not pass
along cancels that failed the verification.  The B news method has also caused
problems for people who like to hid behind one site name (e.g., using rn's C
command on a workstation when GENERICFROM is defined).

It seems like it would be very difficult to accept early cancel messages, but
then reject them if the article comes in and you the cancel fails...

Anyhow, which method seems better?  Comments to me will be summarized, but a
public discussion might not be a bad thing.
	/r$
-- 
Please send comp.sources.unix-related mail to rsalz@uunet.uu.net.
Use a domain-based address or give alternate paths, or you may lose out.