info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Misuse of Date: headers
3 views
Skip to first unread message
Stephen Duppe
Feb 3, 2022, 5:41:40 AM2/3/22
to
In another thread I asked about the uniqueness of Message-ID headers and
Jon R wrote:
> Generally speaking, a Message-ID will usually be unique forever, not
> least because there is no reason for an adversary to try and cause it
> to be otherwise. But if you are thinking of creating a system which
> would provide such a reason, then it would be wise include extra
> safeguards (e.g. at a mimum also mention the date of the post).
Sadly it sounds as though there may be some scope for an adversary to
cause confusion by posting a message carrying an already-used Message-ID
after a few weeks or months.
What scope is there for an adversary who in addition would also use a
misleading Date: header, backdated by weeks or months, perhaps carrying the
same data as the original Date: header?
Would a reference such as the following be likely to take someone reliably
to the correct message for the foreseeable future?
Date: Thu, 3 Feb 2022 10:25:40 -0000 (UTC)
Message-ID: <XnsAE336A13...@46.165.242.75>
I'm wondering whether if someone were to post a different message carrying
those same two headers a few weeks or months or years in the future it
would get passed on by news servers or simply binned by reason of having an
out of date Date: header?
H
Jon R wrote:
> Generally speaking, a Message-ID will usually be unique forever, not
> least because there is no reason for an adversary to try and cause it
> to be otherwise. But if you are thinking of creating a system which
> would provide such a reason, then it would be wise include extra
> safeguards (e.g. at a mimum also mention the date of the post).
Sadly it sounds as though there may be some scope for an adversary to
cause confusion by posting a message carrying an already-used Message-ID
after a few weeks or months.
What scope is there for an adversary who in addition would also use a
misleading Date: header, backdated by weeks or months, perhaps carrying the
same data as the original Date: header?
Would a reference such as the following be likely to take someone reliably
to the correct message for the foreseeable future?
Date: Thu, 3 Feb 2022 10:25:40 -0000 (UTC)
Message-ID: <XnsAE336A13...@46.165.242.75>
I'm wondering whether if someone were to post a different message carrying
those same two headers a few weeks or months or years in the future it
would get passed on by news servers or simply binned by reason of having an
out of date Date: header?
H
Richard Kettlewell
Feb 3, 2022, 8:39:36 AM2/3/22
to
Stephen Duppe <shud...@REMOVE.yahoo.co.uk> writes:
> In another thread I asked about the uniqueness of Message-ID headers and
> Jon R wrote:
>
>> Generally speaking, a Message-ID will usually be unique forever, not
>> least because there is no reason for an adversary to try and cause it
>> to be otherwise. But if you are thinking of creating a system which
>> would provide such a reason, then it would be wise include extra
>> safeguards (e.g. at a mimum also mention the date of the post).
>
> Sadly it sounds as though there may be some scope for an adversary to
> cause confusion by posting a message carrying an already-used Message-ID
> after a few weeks or months.
Agreed.
> In another thread I asked about the uniqueness of Message-ID headers and
> Jon R wrote:
>
>> Generally speaking, a Message-ID will usually be unique forever, not
>> least because there is no reason for an adversary to try and cause it
>> to be otherwise. But if you are thinking of creating a system which
>> would provide such a reason, then it would be wise include extra
>> safeguards (e.g. at a mimum also mention the date of the post).
>
> Sadly it sounds as though there may be some scope for an adversary to
> cause confusion by posting a message carrying an already-used Message-ID
> after a few weeks or months.
> What scope is there for an adversary who in addition would also use a
> misleading Date: header, backdated by weeks or months, perhaps carrying the
> same data as the original Date: header?
>
> Would a reference such as the following be likely to take someone reliably
> to the correct message for the foreseeable future?
>
> Date: Thu, 3 Feb 2022 10:25:40 -0000 (UTC)
> Message-ID: <XnsAE336A13...@46.165.242.75>
>
> I'm wondering whether if someone were to post a different message carrying
> those same two headers a few weeks or months or years in the future it
> would get passed on by news servers or simply binned by reason of having an
> out of date Date: header?
e.g. artcutoff in https://linux.die.net/man/5/inn.conf.
--
https://www.greenend.org.uk/rjk/
Jon Ribbens
Feb 3, 2022, 11:57:56 AM2/3/22
to
On 2022-02-03, Stephen Duppe <shud...@REMOVE.yahoo.co.uk> wrote:
> In another thread I asked about the uniqueness of Message-ID headers and
> Jon R wrote:
>> Generally speaking, a Message-ID will usually be unique forever, not
>> least because there is no reason for an adversary to try and cause it
>> to be otherwise. But if you are thinking of creating a system which
>> would provide such a reason, then it would be wise include extra
>> safeguards (e.g. at a mimum also mention the date of the post).
>
> Sadly it sounds as though there may be some scope for an adversary to
> cause confusion by posting a message carrying an already-used Message-ID
> after a few weeks or months.
>
> What scope is there for an adversary who in addition would also use a
> misleading Date: header, backdated by weeks or months, perhaps
> carrying the same data as the original Date: header?
>
> Would a reference such as the following be likely to take someone reliably
> to the correct message for the foreseeable future?
>
> Date: Thu, 3 Feb 2022 10:25:40 -0000 (UTC)
> Message-ID: <XnsAE336A13...@46.165.242.75>
I think so, yes. As time goes by they may find it harder to retrieve
> In another thread I asked about the uniqueness of Message-ID headers and
> Jon R wrote:
>> Generally speaking, a Message-ID will usually be unique forever, not
>> least because there is no reason for an adversary to try and cause it
>> to be otherwise. But if you are thinking of creating a system which
>> would provide such a reason, then it would be wise include extra
>> safeguards (e.g. at a mimum also mention the date of the post).
>
> Sadly it sounds as though there may be some scope for an adversary to
> cause confusion by posting a message carrying an already-used Message-ID
> after a few weeks or months.
>
> What scope is there for an adversary who in addition would also use a
> misleading Date: header, backdated by weeks or months, perhaps
> carrying the same data as the original Date: header?
>
> Would a reference such as the following be likely to take someone reliably
> to the correct message for the foreseeable future?
>
> Date: Thu, 3 Feb 2022 10:25:40 -0000 (UTC)
> Message-ID: <XnsAE336A13...@46.165.242.75>
the message, but I think they should always either find the correct
message or no message at all, never a different message. Deja News
used to have a function that allowed you to search its Usenet
archive by Message-ID, but since it got absorbed into Google Groups
I think that function has sadly disappeared.
> I'm wondering whether if someone were to post a different message carrying
> those same two headers a few weeks or months or years in the future it
> would get passed on by news servers or simply binned by reason of
> having an out of date Date: header?
fundamental to how Usenet operates - if the server knows that it
keeps a log of all Message-IDs it has received in, say, the last
11 days, and also knows that it rejects all articles with a Date
header older than, say, 10 days, then it knows it will never get
in a situation whereby it accepts the same message twice.
0 new messages