
What happens if a Message-ID is repeated?


Stephen Duppe

Feb 2, 2022, 9:22:06 AM
RFC1036 says that a Message-ID header

"may not be reused during the lifetime of any previous message with the
same Message-ID"

and then that

"(it) is recommended that no Message-ID be reused for at least two years."

https://www.w3.org/Protocols/rfc1036/rfc1036.html

What happens if someone does try to inject into newsspace a message with
same Message-ID as another message that was posted only shortly before? Are
news servers set up to fend off that kind of accident or abuse, such as by
binning the second message?

Harry

Jon Ribbens

Feb 2, 2022, 10:40:00 AM
On 2022-02-02, Stephen Duppe <shud...@REMOVE.yahoo.co.uk> wrote:
> RFC1036 says that a Message-ID header
>
> "may not be reused during the lifetime of any previous message with the
> same Message-ID"
>
> and then that
>
> "(it) is recommended that no Message-ID be reused for at least two years."
>
> https://www.w3.org/Protocols/rfc1036/rfc1036.html
>
> What happens if someone does try to inject into newsspace a message
> with same Message-ID as another message that was posted only shortly
> before?

Their message will disappear without trace.

> Are news servers set up to fend off that kind of accident or abuse,
> such as by binning the second message?

Usenet is a mesh. News servers exchange articles with multiple peers,
and so it is completely normal and expected that they see the same
article offered multiple times. e.g. you post your article to server
A, which sends it to servers B and C, both of which then offer it to
server D as well as each other. They use the Message-ID to recognise
that they've already seen the article and to ignore any further offers
of the same article.

So if you try sending a second article with a recently-used Message-ID,
your second article will be ignored by news servers as a duplicate copy
of an article already received - and not as part of some obscure and
rarely-used anti-exploit system, but as part of the fundamental everyday
operation of how Usenet works.

Stephen Duppe

Feb 2, 2022, 1:15:15 PM
Jon Ribbens <jon+u...@unequivocal.eu> wrote in
news:slrnsvl9ef.5...@raven.unequivocal.eu:
Thanks for this. That's interesting. Is it normal for news servers to apply
a time limit (perhaps the two years mentioned in RFC1036), or for example
is "slrnsvl9ef.5...@raven.unequivocal.eu" likely to be a reliable
identifier uniquely of your message for a very long time, even if a
persistent adversary keeps trying to inject other messages that carry the
same identifier?

H

Jon Ribbens

Feb 2, 2022, 2:47:23 PM
On 2022-02-02, Stephen Duppe <shud...@REMOVE.yahoo.co.uk> wrote:
> Jon Ribbens <jon+u...@unequivocal.eu> wrote in
> news:slrnsvl9ef.5...@raven.unequivocal.eu:
>> So if you try sending a second article with a recently-used
>> Message-ID, your second article will be ignored by news servers as a
>> duplicate copy of an article already received - and not as part of
>> some obscure and rarely-used anti-exploit system, but as part of the
>> fundamental everyday operation of how Usenet works.
>
> Thanks for this. That's interesting. Is it normal for news servers to
> apply a time limit (perhaps the two years mentioned in RFC1036), or
> for example is "slrnsvl9ef.5...@raven.unequivocal.eu" likely
> to be a reliable identifier uniquely of your message for a very long
> time, even if a persistent adversary keeps trying to inject other
> messages that carry the same identifier?

News servers will certainly forget about old Message-IDs after a while,
generally after the article has expired from that server's news spool.
So how long it takes will depend on the configuration of the news
server (and may vary from group to group). It could vary from weeks to
months to years depending on the server and group.

Generally speaking, a Message-ID will usually be unique forever, not
least because there is no reason for an adversary to try and cause it
to be otherwise. But if you are thinking of creating a system which
would provide such a reason, then it would be wise to include extra
safeguards (e.g. at a minimum also mention the date of the post).
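
The behaviour described in the two replies above, as an added example that is not part of the thread: a toy model of four peered servers in which a repeated Message-ID is dropped while it is still in history, is accepted once history has expired, and a reference that also pins the Date then fails closed. The `NewsServer` class, the 30-day retention and all sample headers are constructed assumptions, not any real news server's code or configuration.

```python
from dataclasses import dataclass, field

DAY = 86400  # seconds

@dataclass(frozen=True)
class Article:
    message_id: str
    date: str   # Date: header as posted
    body: str

@dataclass
class NewsServer:
    name: str
    retention: int                                # how long an ID stays in history (assumed setting)
    peers: list = field(default_factory=list)
    history: dict = field(default_factory=dict)   # Message-ID -> time first seen
    spool: dict = field(default_factory=dict)     # Message-ID -> Article

    def offer(self, art, now):
        """Accept the article unless its Message-ID is still in history."""
        for mid in [m for m, t in self.history.items() if now - t >= self.retention]:
            del self.history[mid]                 # server forgets expired IDs
            self.spool.pop(mid, None)
        if art.message_id in self.history:
            return False                          # treated as a duplicate offer
        self.history[art.message_id] = now
        self.spool[art.message_id] = art
        for peer in self.peers:                   # flood to peers; they dedupe too
            peer.offer(art, now)
        return True

def lookup(server, message_id, date):
    """Resolve a reference that pins the Date as well as the Message-ID."""
    art = server.spool.get(message_id)
    return art if art is not None and art.date == date else None

def demo():
    a, b, c, d = (NewsServer(n, retention=30 * DAY) for n in "ABCD")
    a.peers, b.peers, c.peers = [b, c], [c, d], [b, d]
    mid = "<constructed-1@example.invalid>"       # constructed sample values
    first = Article(mid, "Wed, 02 Feb 2022 10:40:00 GMT", "original text")
    early = Article(mid, "Thu, 03 Feb 2022 10:40:00 GMT", "other text")
    late = Article(mid, "Fri, 01 Apr 2022 10:40:00 GMT", "other text")
    out = {"first": a.offer(first, 0), "d_body": d.spool[mid].body}
    out["early"] = a.offer(early, 1 * DAY)        # still in history: dropped
    out["late"] = a.offer(late, 58 * DAY)         # history expired: accepted
    out["by_id"] = d.spool[mid].body              # Message-ID alone now finds the later article
    out["pinned"] = lookup(d, mid, first.date)    # Message-ID + Date finds nothing
    return out

if __name__ == "__main__":
    print(demo())
```

A system that stores references to articles can treat the `None` from `lookup` as "the original is no longer held here" rather than silently returning a different article under the same Message-ID.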

Stephen Duppe

Feb 3, 2022, 5:25:42 AM
Jon Ribbens <jon+u...@unequivocal.eu> wrote in
news:slrnsvlnua.5...@raven.unequivocal.eu:

> On 2022-02-02, Stephen Duppe <shud...@REMOVE.yahoo.co.uk> wrote:
>> Jon Ribbens <jon+u...@unequivocal.eu> wrote in
>> news:slrnsvl9ef.5...@raven.unequivocal.eu:

> News servers will certainly forget about old Message-IDs after a while,
> generally after the article has expired from that server's news spool.
> So how long it takes will depend on the configuration of the news
> server (and may vary from group to group). It could vary from weeks to
> months to years depending on the server and group.
>
> Generally speaking, a Message-ID will usually be unique forever, not
> least because there is no reason for an adversary to try and cause it
> to be otherwise. But if you are thinking of creating a system which
> would provide such a reason, then it would be wise to include extra
> safeguards (e.g. at a minimum also mention the date of the post).

Thanks for this.

I will post a separate question about Date: headers.

H
