💾 Archived View for gemini.bortzmeyer.org › rfc-mirror › rfc1849.txt captured on 2022-01-08 at 19:47:58.
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Independent Submission H. Spencer Request for Comments: 1849 SP Systems Obsoleted by: 5536, 5537 March 2010 Category: Historic ISSN: 2070-1721 "Son of 1036": News Article Format and Transmission Abstract By the early 1990s, it had become clear that RFC 1036, then the specification for the Interchange of USENET Messages, was badly in need of repair. This "Internet-Draft-to-be", though never formally published at that time, was widely circulated and became the de facto standard for implementors of News Servers and User Agents, rapidly acquiring the nickname "Son of 1036". Indeed, under that name, it could fairly be described as the best-known Internet Draft (n)ever published, and it formed the starting point for the recently adopted Proposed Standards for Netnews. It is being published now in order to provide the historical background out of which those standards have grown. Present-day implementors should be aware that it is NOT NOW APPROPRIATE for use in current implementations. Status of This Memo This document is not an Internet Standards Track specification; it is published for the historical record. This document defines a Historic Document for the Internet community. This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc1849. Spencer Historic [Page 1] RFC 1849 Son of 1036 March 2010 Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. This document may not be modified, and derivative works of it may not be created, except to format it for publication as an RFC or to translate it into languages other than English. Spencer Historic [Page 2] RFC 1849 Son of 1036 March 2010 Table of Contents Preface ............................................................5 Original Abstract ..................................................6 1. Introduction ....................................................6 2. Definitions, Notations, and Conventions .........................8 2.1. Textual Notations ..........................................8 2.2. Syntax Notation ............................................9 2.3. Definitions ...............................................10 2.4. End-of-Line ...............................................13 2.5. Case-Sensitivity ..........................................13 2.6. Language ..................................................13 3. Relation to MAIL (RFC822, etc.) ................................14 4. Basic Format ...................................................15 4.1. Overall Syntax ............................................15 4.2. Headers ...................................................16 4.2.1. Names and Contents .................................16 4.2.2. Undesirable Headers ................................18 4.2.3. White Space and Continuations ......................18 4.3. Body ......................................................19 4.3.1. Body Format Issues .................................19 4.3.2. Body Conventions ...................................20 4.4. Characters and Character Sets .............................23 4.5. Non-ASCII Characters in Headers ...........................26 4.6. Size Limits ...............................................28 4.7. Example ...................................................30 5. Mandatory Headers ..............................................30 5.1. Date ......................................................31 5.2. From ......................................................33 5.3. Message-ID ................................................35 5.4. Subject ...................................................36 5.5. Newsgroups ................................................38 5.6. Path ......................................................42 6. Optional Headers ...............................................45 6.1. Followup-To ...............................................45 6.2. Expires ...................................................46 6.3. Reply-To ..................................................47 6.4. Sender ....................................................47 6.5. References ................................................48 6.6. Control ...................................................50 6.7. Distribution ..............................................51 6.8. Keywords ..................................................52 6.9. Summary ...................................................53 6.10. Approved .................................................53 6.11. Lines ....................................................54 6.12. Xref .....................................................55 6.13. Organization .............................................56 6.14. Supersedes ...............................................57 Spencer Historic [Page 3] RFC 1849 Son of 1036 March 2010 6.15. Also-Control .............................................57 6.16. See-Also .................................................58 6.17. Article-Names ............................................58 6.18. Article-Updates ..........................................60 7. Control Messages ...............................................60 7.1. cancel ....................................................61 7.2. ihave, sendme .............................................64 7.3. newgroup ..................................................66 7.4. rmgroup ...................................................68 7.5. sendsys, version, whogets .................................68 7.6. checkgroups ...............................................73 8. Transmission Formats ...........................................74 8.1. Batches ...................................................74 8.2. Encoded Batches ...........................................75 8.3. News within Mail ..........................................76 8.4. Partial Batches ...........................................77 9. Propagation and Processing .....................................77 9.1. Relayer General Issues ....................................78 9.2. Article Acceptance and Propagation ........................80 9.3. Administrator Contact .....................................82 10. Gatewaying ....................................................83 10.1. General Gatewaying Issues ................................83 10.2. Header Synthesis .........................................85 10.3. Message ID Mapping .......................................86 10.4. Mail to and from News ....................................88 10.5. Gateway Administration ...................................89 11. Security and Related Issues ...................................90 11.1. Leakage ..................................................90 11.2. Attacks ..................................................91 11.3. Anarchy ..................................................92 11.4. Liability ................................................92 12. References ....................................................93 Appendix A. Archaeological Notes ..................................96 A.1. "A News" Article Format ...................................96 A.2. Early "B News" Article Format .............................96 A.3. Obsolete Headers ..........................................97 A.4. Obsolete Control Messages .................................97 Appendix B. A Quick Tour of MIME ..................................98 Appendix C. Summary of Changes Since RFC 1036 ....................103 Appendix D. Summary of Completely New Features ...................104 Appendix E. Summary of Differences from RFCs 822 and 1123.........105 Spencer Historic [Page 4] RFC 1849 Son of 1036 March 2010 Preface Although [RFC1036] was published in 1987, for many years it remained the only formally published specification for Netnews format and processing. It was widely considered obsolete within a few years, and it has now been superseded by the work of the USEFOR Working Group, leading to the publication of [RFC5536] and [RFC5537]. However, there was an intermediate step that is of some historical interest. In 1993-4, Henry Spencer wrote and informally circulated a document that became known as "Son of 1036", meant as a first draft of a replacement for [RFC1036]. It went no further at the time (although, more recently, the USEFOR Working Group started from it), but has nevertheless seen considerable use as a technical reference and even a de facto standard, despite its informal status. The USEFOR work has eliminated any further relevance of Son of 1036 as a technical reference, but it remains of historical interest. The USEFOR Working Group has asked that it be published as an Historic RFC, to ensure its preservation in an accessible form and facilitate referencing it. This document is identical to the last distributed version of Son of 1036, dated 2 June 1994, except for reformatting, correction of a few minor factual or formatting errors, completion of the then-empty Appendix D and of the References section, minor editing to match preferred RFC style, and changes to leading and trailing material. Remarks enclosed within "{...}" indicate explanatory material not present in the original version. References to the current MIME standards (and a few others) have been added (that was an unresolved issue in 1994). The technical content remains unchanged, including the references to the document itself as a Draft rather than an RFC and the presence of unresolved issues. The original section numbering has been preserved, although the original pagination has not (among other reasons, it did not fully follow IETF formatting standards). READERS ARE CAUTIONED THAT THIS DOCUMENT IS OBSOLETE AND SHOULD NOT BE USED AS A TECHNICAL REFERENCE. Although Son of 1036 largely documented existing practice, it also proposed some changes, some of which did not catch on or are no longer considered good ideas. (Of particular note, the MIME type "message/news" should not be used.) Consult [RFC5536] and [RFC5537] for modern technical information. Spencer Historic [Page 5] RFC 1849 Son of 1036 March 2010 Although a number of people contributed useful comments or criticism during the preparation of this document, its contents are entirely the opinions of the author circa 1994. Not even the author himself agrees with them all now. The author thanks Charles Lindsey for his assistance in getting this document cleaned up and formally published at last (not least, for supplying some prodding to actually get it done!). The author thanks Luc Rooijakkers for supplying the MIME summary that Appendix B is based on. Original Abstract This Draft defines the format and procedures for interchange of network news articles. It is hoped that a later version of this Draft will obsolete RFC 1036, reflecting more recent experience and accommodating future directions. Network news articles resemble mail messages but are broadcast to potentially large audiences, using a flooding algorithm that propagates one copy to each interested host (or group thereof), typically stores only one copy per host, and does not require any central administration or systematic registration of interested users. Network news originated as the medium of communication for Usenet, circa 1980. Since then, Usenet has grown explosively, and many Internet sites participate in it. In addition, the news technology is now in widespread use for other purposes, on the Internet and elsewhere. This Draft primarily codifies and organizes existing practice. A few small extensions have been added in an attempt to solve problems that are considered serious. Major extensions (e.g., cryptographic authentication) that need significant development effort are left to be undertaken as independent efforts. 1. Introduction Network news articles resemble mail messages but are broadcast to potentially large audiences, using a flooding algorithm that propagates one copy to each interested host (or groups thereof), typically stores only one copy per host, and does not require any central administration or systematic registration of interested users. Network news originated as the medium of communication for Usenet, circa 1980. Since then, Usenet has grown explosively, and many Internet sites participate in it. In addition, the news technology is now in widespread use for other purposes, on the Internet and elsewhere. Spencer Historic [Page 6] RFC 1849 Son of 1036 March 2010 The earliest news interchange used the so-called "A News" article format. Shortly thereafter, an article format vaguely resembling Internet mail was devised and used briefly. Both of those formats are completely obsolete; they are documented in Appendix A for historical reasons only. With the publication of [RFC850] in 1983, news articles came to closely resemble Internet mail messages, with some restrictions and some additional headers. In 1987, [RFC1036] updated [RFC850] without making major changes. In the intervening five years, the [RFC1036] article format has proven quite satisfactory, although minor extensions appear desirable to match recent developments in areas such as multi-media mail. [RFC1036] itself has not proven quite so satisfactory. It is often rather vague and does not address some issues at all; this has caused significant interoperability problems at times, and implementations have diverged somewhat. Worse, although it was intended primarily to document existing practice, it did not precisely match existing practice even at the time it was published, and the deviations have grown since. This Draft attempts to specify the format of articles, and the procedures used to exchange them and process them, in sufficient detail to allow full interoperability. In addition, some tentative suggestions are made about directions for future development, in an attempt to avert unnecessary divergence and consequent loss of interoperability. Major extensions (e.g., cryptographic authentication) that need significant development effort are left to be undertaken as independent efforts. NOTE: One question all of this may raise is: why is there no News- Version header, analogous to MIME-Version, specifying a version number corresponding to this specification? The answer is: it doesn't appear to be useful, given news's backward-compatibility constraints. The major use of a version number is indicating which of several INCOMPATIBLE interpretations is relevant. The impossibility of orchestrating any sort of simultaneous change over news's installed base makes it necessary to avoid such incompatible changes (as opposed to extensions) entirely. MIME has a version number mostly because it introduced incompatible changes to the interpretation of several "Content-" headers. This Draft attempts no changes in interpretation, and it appears doubtful that future Drafts will find it feasible to introduce any. UNRESOLVED ISSUE: Should this be reconsidered? Only if the header has SPECIFIC IDENTIFIABLE uses today. Otherwise, it's just useless added bulk. Spencer Historic [Page 7] RFC 1849 Son of 1036 March 2010 As in this Draft's predecessors, the exact means used to transmit articles from one host to another is not specified. Network News Transfer Protocol (NNTP) [RFC977] {since replaced by [RFC3977]} is probably the most common transmission method on the Internet, but a number of others are known to be in use, including the Unix-To-Unix Copy Protocol [UUCP], which was extensively used in the early days of Usenet and is still much used on its fringes today. Several of the mechanisms described in this Draft may seem somewhat strange or even bizarre at first reading. As with Internet mail, there is no reasonable possibility of updating the entire installed base of news software promptly, so interoperability with old software is crucial and will remain so. Compatibility with existing practice and robustness in an imperfect world necessarily take priority over elegance. 2. Definitions, Notations, and Conventions 2.1. Textual Notations Throughout this Draft, "MAIL" is short for "[RFC822] as amended by [RFC1123]". ([RFC1123]'s amendments are mostly relatively small, but they are not insignificant.) See also the discussion in Section 3 about this Draft's relationship to MAIL. "MIME" is short for "[RFC1341] and [RFC1342]" (or their {since} updated replacements {[RFC2045], [RFC2046], and [RFC2047]}). UNRESOLVED ISSUE: Update these numbers {now resolved!}. {NOTE: Since the original publication of this Draft [RFC822] has been updated, firstly to [RFC2822] and more recently to [RFC5322]; however, this Draft is firmly rooted in the original [RFC822]. Similarly, [RFC821] has also received two upgrades in the meantime.} "ASCII" is short for "the ANSI X3.4 character set" [X3.4]. While "ASCII" is often misused to refer to various character sets somewhat similar to X3.4, in this Draft, "ASCII" means [X3.4] and only [X3.4]. NOTE: The name is traditional (to the point where the ANSI standard sanctions it), even though it is no longer an acronym for the name of the standard. NOTE: ASCII, X3.4, contains 128 characters, not all of them printable. Character sets with more characters are not ASCII, although they may include it as a subset. Spencer Historic [Page 8] RFC 1849 Son of 1036 March 2010 Certain words used to define the significance of individual requirements are capitalized. "MUST" means that the item is an absolute requirement of the specification. "SHOULD" means that the item is a strong recommendation: there may be valid reasons to ignore it in unusual circumstances, but this should be done only after careful study of the full implications and a firm conclusion that it is necessary, because there are serious disadvantages to doing so. "MAY" means that the item is truly optional, and implementors and users are warned that conformance is possible but not to be relied on. The term "compliant", applied to implementations, etc., indicates satisfaction of all relevant "MUST" and "SHOULD" requirements. The term "conditionally compliant" indicates satisfaction of all relevant "MUST" requirements but violation of at least one relevant "SHOULD" requirement. This Draft contains explanatory notes using the following format. These may be skipped by persons interested solely in the content of the specification. The purpose of the notes is to explain why choices were made, to place them in context, or to suggest possible implementation techniques. NOTE: While such explanatory notes may seem superfluous in principle, they often help the less-than-omniscient reader grasp the purpose of the specification and the constraints involved. Given the limitations of natural language for descriptive purposes, this improves the probability that implementors and users will understand the true intent of the specification in cases where the wording is not entirely clear. All numeric values are given in decimal unless otherwise indicated. Octets are assumed to be unsigned values for this purpose. Large numbers are written using the North American convention, in which "," separates groups of three digits but otherwise has no significance. 2.2. Syntax Notation Although the mechanisms specified in this Draft are all described in prose, most are also described formally in the modified BNF notation of [RFC822]. Implementors will need to be familiar with this notation to fully understand this specification and are referred to [RFC822] for a complete explanation of the modified BNF notation. Here is a brief illustrative example: Spencer Historic [Page 9] RFC 1849 Son of 1036 March 2010 sentence = clause *( punct clause ) "." punct = ":" / ";" clause = 1*word [ "(" clause ")" / "," 1*word ] word = <any English word> This defines a sentence as some clauses separated by puncts and ended by a period, a punct as a colon or semicolon, a clause as at least one <word> optionally followed by either a parenthesized clause or a comma and at least one more <word>, and a <word> as (informally) any English word. The characters "<>" are used to enclose names when (and only when) distinguishing them from surrounding text is useful. The full form of the repetition notation is "<m>*<n><thing>", denoting <m> through <n> repetitions of <thing>; <m> defaults to zero, <n> to infinity, and the "*" and <n> can be omitted if <m> and <n> are equal, so 1*word is one or more words, 1*5word is one through five words, and 2word is exactly two words. The character "\" is not special in any way in this notation. This Draft is intended to be self-contained; all syntax rules used in it are defined within it, and a rule with the same name as one found in MAIL does not necessarily have the same definition. The lexical layer of MAIL is NOT, repeat NOT, used in this Draft, and its presence must not be assumed; notably, this Draft spells out all places where white space is permitted/required and all places where constructs resembling MAIL comments can occur. NOTE: News parsers historically have been much less permissive than MAIL parsers. 2.3. Definitions The term "character set", wherever it is used in this Draft, refers to a coded character set, in the sense of ISO character set standardization work, and must not be misinterpreted as meaning merely "a set of characters". In this Draft, ASCII character 32 is referred to as "blank"; the word "space" has a more generic meaning. An "article" is the unit of news, analogous to a MAIL "message". A "poster" is a human being (or software equivalent) submitting a possibly compliant article to be "posted", i.e., made available for reading on all relevant hosts. A "posting agent" is software that assists posters to prepare articles, including determining whether the final article is compliant, passing it on to a relayer for posting if so, and returning it to the poster with an explanation if Spencer Historic [Page 10] RFC 1849 Son of 1036 March 2010 not. A "relayer" is software that receives allegedly compliant articles from posting agents and/or other relayers, files copies in a "news database", and possibly passes copies on to other relayers. NOTE: While the same software may well function both as a relayer and as part of a posting agent, the two functions are distinct and should not be confused. The posting agent's purpose is (in part) to validate an article, supply header information that can or should be supplied automatically, and generally take reasonable actions in an attempt to transform the poster's submission into a compliant article. The relayer's purpose is to move already- compliant articles around efficiently without damaging them. A "reader" is a human being reading news articles. A "reading agent" is software that presents articles to a reader. NOTE: Informal usage often uses "reader" for both these meanings, but this introduces considerable potential for confusion and misunderstanding, so this Draft takes care to make the distinction. A "newsgroup" is a single news forum, a logical bulletin board, having a name and nominally intended for articles on a specific topic. An article is "posted to" a single newsgroup or several newsgroups. When an article is posted to more than one newsgroup, it is said to be "cross-posted"; note that this differs from posting the same text as part of each of several articles, one per newsgroup. A "hierarchy" is the set of all newsgroups whose names share a first component (see the name syntax in Section 5.5). A newsgroup may be "moderated", in which case submissions are not posted directly, but mailed to a "moderator" for consideration and possible posting. Moderators are typically human but may be implemented partially or entirely in software. A "followup" is an article containing a response to the contents of an earlier article (the followup's "precursor"). A "followup agent" is a combination of reading agent and posting agent that aids in the preparation and posting of a followup. Text comparisons are "case-sensitive" if they consider uppercase letters (e.g., "A") different from lowercase letters (e.g., "a"), and "case-insensitive" if letters differing only in case (e.g., "A" and "a") are considered identical. Categories of text are said to be case-(in)sensitive if comparisons of such texts to others are case- (in)sensitive. Spencer Historic [Page 11] RFC 1849 Son of 1036 March 2010 A "cooperating subnet" is a set of news-exchanging hosts that is sufficiently well-coordinated (typically via a central administration of some sort) that stronger assumptions can be made about hosts in the set than about news hosts in general. This is typically used to relax restrictions that are otherwise required for worst-case interoperability; members of a cooperating subnet MAY interchange articles that do not conform to this Draft's specifications, provided all members have agreed to this and provided the articles are not permitted to leak out of the subnet. The word "subnet" is used to emphasize that a cooperating subnet is typically not an isolated universe; care must be taken that traffic leaving the subnet complies with the restrictions of the larger net, not just those of the cooperating subnet. A "message ID" is a unique identifier for an article, usually supplied by the posting agent that posted it. It distinguishes the article from every other article ever posted anywhere (in theory). Articles with the same message ID are treated as identical copies of the same article even if they are not in fact identical. A "gateway" is software that receives news articles and converts them to messages of some other kind (e.g., mail to a mailing list), or vice versa; in essence, it is a translating relayer that straddles boundaries between different methods of message exchange. The most common type of gateway connects newsgroup(s) to mailing list(s), either unidirectionally or bidirectionally, but there are also gateways between news networks using this Draft's news format and those using other formats. A "control message" is an article that is marked as containing control information; a relayer receiving such an article will (subject to permissions, etc.) take actions beyond just filing and passing on the article. NOTE: "Control article" would be more consistent terminology, but "control message" is already well established. An article's "reply address" is the address to which mailed replies should be sent. This is the address specified in the article's From header (see Section 5.2), unless it also has a Reply-To header (see Section 6.3). The notation (for example) "(ASCII 17)" following a name means "this name refers to the ASCII character having value 17". An "ASCII printable character" is an ASCII character in the range 33-126. An "ASCII control character" is an ASCII character in the range 0-31, or the character DEL (ASCII 127). A "non-ASCII character" is a character having a value exceeding 127. Spencer Historic [Page 12] RFC 1849 Son of 1036 March 2010 NOTE: Blank is neither an "ASCII printable character" nor an "ASCII control character". 2.4. End-of-Line How the end of a text line is represented depends on the context and the implementation. For Internet transmission via protocols such as SMTP [RFC821], an end-of-line is a CR (ASCII 13) followed by an LF (ASCII 10). ISO C [ISO/IEC9899] and many modern operating systems indicate end-of-line with a single character, typically ASCII LF (aka "newline"), and this is the normal convention when news is transmitted via UUCP. A variety of other methods are in use, including out-of-band methods in which there is no specific character that means end-of-line. This Draft does not constrain how end-of-line is represented in news, except that characters other than CR and LF MUST NOT be usurped for use in end-of-line representations. Also, obviously, all software dealing with a particular copy of an article must agree on the convention to be used. "EOL" is used to mean "whatever end-of-line representation is appropriate"; it is not necessarily a character or sequence of characters. NOTE: If faced with picking an EOL representation in the absence of other constraints, use of a single character simplifies processing, and the ASCII standard [X3.4] specifies that if one character is to be used for this purpose, it should be LF (ASCII 10). NOTE: Inside MIME encodings, use of the Internet canonical EOL representation (CR followed by LF) is mandatory. See [RFC2049]. 2.5. Case-Sensitivity Text in newsgroup names, header parameters, etc. is case-sensitive unless stated otherwise. NOTE: This is at variance with MAIL, which is case-insensitive unless stated otherwise, but is consistent with news historical practice and existing news software. See the comments on backward compatibility in Section 1. 2.6. Language Various constant strings in this Draft, such as header names and month names, are derived from English words. Despite their derivation, these words do NOT change when the poster or reader employing them is interacting in a language other than English. Spencer Historic [Page 13] RFC 1849 Son of 1036 March 2010 Posting and reading agents SHOULD translate as appropriate in their interaction with the poster or reader, but the forms that actually appear in articles are always the English-derived ones defined in this Draft. 3. Relation to MAIL (RFC822, etc.) The primary intent of this Draft is to completely describe the news article format as a subset of MAIL's message format (augmented by some new headers). Unless explicitly noted otherwise, the intent throughout is that an article MUST also be a valid MAIL message. NOTE: Despite obvious similarities between news and mail, opinions vary on whether it is possible or desirable to unify them into a single service. However, it is unquestionably both possible and useful to employ some of the same tools for manipulating both mail messages and news articles, so there is specific advantage to be had in defining them compatibly. Furthermore, there is no apparent need to re-invent the wheel when slight extensions to an existing definition will suffice. Given that this Draft attempts to be self-contained, it inevitably contains considerable repetition of information found in MAIL. This raises the possibility of unintentional conflicts. Unless specifically noted otherwise, any wording in this Draft that permits behavior that is not MAIL-compliant is erroneous and should be followed only to the extent that the result remains compliant with MAIL. NOTE: [RFC1036] said "where this standard conflicts with the Internet Standard, RFC 822 should be considered correct and this standard in error". Taken literally, this was obviously incorrect, since [RFC1036] imposed a number of restrictions not found in [RFC822]. The intent, however, was reasonable: to indicate that UNINTENTIONAL differences were errors in [RFC1036]. Implementors and users should note that MAIL is deliberately an extensible standard, and most extensions devised for mail are also relevant to (and compatible with) news. Note particularly MIME, summarized briefly in Appendix B, which extends MAIL in a number of useful ways that are definitely relevant to news. Also of note is the work in progress on reconciling Privacy Enhanced Mail (PEM), which defines extensions for authentication and security) with MIME, after which this may also be relevant to news. UNRESOLVED ISSUE: Update the MIME/PEM information. Spencer Historic [Page 14] RFC 1849 Son of 1036 March 2010 Similarly, descriptions here of MIME facilities should be considered correct only to the extent that they do not require or legitimize practices that would violate those RFCs. (Note that this Draft does extend the application of some MIME facilities, but this is an extension rather than an alteration.) 4. Basic Format 4.1. Overall Syntax The overall syntax of a news article is: article = 1*header separator body header = start-line *continuation start-line = header-name ":" space [ nonblank-text ] eol continuation = space nonblank-text eol header-name = 1*name-character *( "-" 1*name-character ) name-character = letter / digit letter = <ASCII letter A-Z or a-z> digit = <ASCII digit 0-9> separator = eol body = *( [ nonblank-text / space ] eol ) eol = <EOL> nonblank-text = [ space ] text-character *( space-or-text ) text-character = <any ASCII character except NUL (ASCII 0), HT (ASCII 9), LF (ASCII 10), CR (ASCII 13), or blank (ASCII 32)> space = 1*( <HT (ASCII 9)> / <blank (ASCII 32)> ) space-or-text = space / text-character An article consists of some headers followed by a body. An empty line separates the two. The headers contain structured information about the article and its transmission. A header begins with a header name identifying it, and can be continued onto subsequent lines by beginning the continuation line(s) with white space. (Note that Section 4.2.3 adds some restrictions to the header syntax indicated here.) The body is largely unstructured text significant only to the poster and the readers. NOTE: Terminology here follows the current custom in the news community, rather than the MAIL convention of (sometimes) referring to what is here called a "header" as a "header field" or "field". Note that the separator line must be truly empty, and not just a line containing white space. Further empty lines following it are part of the body, as are empty lines at the end of the article. Spencer Historic [Page 15] RFC 1849 Son of 1036 March 2010 NOTE: Some systems make no distinction between empty lines and lines consisting entirely of white space; indeed, some systems cannot represent entirely empty lines. The grammar's requirement that header continuation lines contain some printable text is meant to ensure that the empty/space distinction cannot confuse identification of the separator line. NOTE: It is tempting to authorize posting agents to strip empty lines at the beginning and end of the body, but such empty lines could possibly be part of a preformatted document. Implementors are warned that trailing white space, whether alone on the line or not, MAY be significant in the body, notably in early versions of the "uuencode" encoding for binary data. Trailing white space MUST be preserved unless the article is known to have originated within a cooperating subnet that avoids using significant trailing white space, and SHOULD be preserved regardless. Posters SHOULD avoid using conventions or encodings that make trailing white space significant; for encoding of binary data, MIME's "base64" encoding is recommended. Implementors are warned that ISO C implementations are not required to preserve trailing white space, and special precautions may be necessary in implementations that do not. NOTE: Unfortunately, the signature-delimiter convention (described in Section 4.3.2) does use significant trailing white space. It's too late to fix this; there is work underway on defining an organized signature convention as part of MIME, which is a preferable solution in the long run. Posters are warned that some very old relayer software misbehaves when the first non-empty line of an article body begins with white space. 4.2. Headers 4.2.1. Names and Contents Despite the restrictions on header-name syntax imposed by the grammar, relayers and reading agents SHOULD tolerate header names containing any ASCII printable character other than colon (":", ASCII 58). NOTE: MAIL header names can contain any ASCII printable character (other than colon) in theory, but in practice, arbitrary header names are known to cause trouble for some news software. Section 4.1's restriction to alphanumeric sequences separated by hyphens is believed to permit all widely used header names without causing Spencer Historic [Page 16] RFC 1849 Son of 1036 March 2010 problems for any widely used software. Software is nevertheless encouraged to cope correctly with the full range of possibilities, since aberrations are known to occur. Relayers MUST disregard headers not described in this Draft (that is, with header names not mentioned in this Draft) and pass them on unaltered. Posters wishing to convey non-standard information in headers SHOULD use header names beginning with "X-". No standard header name will ever be of this form. Reading agents SHOULD ignore "X-" headers, or at least treat them with great care. The order of headers in an article is not significant. However, posting agents are encouraged to put mandatory headers (see Section 5) first, followed by optional headers (see Section 6), followed by headers not defined in this Draft. NOTE: While relayers and reading agents must be prepared to handle any order, having the significant headers (the precise definition of "significant" depends on context) first can noticeably improve efficiency, especially in memory-limited environments where it is difficult to buffer up an arbitrary quantity of headers while searching for the few that matter. Header names are case-insensitive. There is a preferred case convention, which posters and posting agents SHOULD use: each hyphen- separated "word" has its initial letter (if any) in uppercase and the rest in lowercase, except that some abbreviations have all letters uppercase (e.g., "Message-ID" and "MIME-Version"). The forms used in this Draft are the preferred forms for the headers described herein. Relayers and reading agents are warned that articles might not obey this convention. NOTE: Although software must be prepared for the possibility of random use of case in header names (and other case-independent text), establishing a preferred convention reduces pointless diversity and may permit optimized software that looks for the preferred forms before resorting to less-efficient case- insensitive searches. In general, a header can consist of several lines, with each continuation line beginning with white space. The EOLs preceding continuation lines are ignored when processing such a header, effectively combining the start-line and the continuations into a single logical line. The logical line, less the header name, colon, and any white space following the colon, is the "header content". Spencer Historic [Page 17] RFC 1849 Son of 1036 March 2010 4.2.2. Undesirable Headers A header whose content is empty is said to be an empty header. Relayers and reading agents SHOULD NOT consider presence or absence of an empty header to alter the semantics of an article (although syntactic rules, such as requirements that certain header names appear at most once in an article, MUST still be satisfied). Posting agents SHOULD delete empty headers from articles before posting them. Headers that merely state defaults explicitly (e.g., a Followup-To header with the same content as the Newsgroups header, or a MIME Content-Type header with contents "text/plain; charset=us-ascii") or state information that reading agents can typically determine easily themselves (e.g., the length of the body in octets) are redundant, conveying no information whatsoever. Headers that state information that cannot possibly be of use to a significant number of relayers, reading agents, or readers (e.g., the name of the software package used as the posting agent) are useless and pointless. Posters and posting agents SHOULD avoid including redundant or useless headers in articles. NOTE: Information that someone, somewhere, might someday find useful is best omitted from headers. (There's quite enough of it in article bodies.) Headers should contain information of known utility only. This is not meant to preclude inclusion of information primarily meant for news-software debugging, but such information should be included only if there is real reason, preferably based on experience, to suspect that it may be genuinely useful. Articles passing through gateways are the only obvious case where inclusion of debugging information appears clearly legitimate. (See Section 10.1.) NOTE: A useful rule of thumb for software implementors is: "if I had to pay a dollar a day for the transmission of this header, would I still think it worthwhile?". 4.2.3. White Space and Continuations The colon following the header name on the start-line MUST be followed by white space, even if the header is empty. If the header is not empty, at least some of the content MUST appear on the start- line. Posting agents MUST enforce these restrictions, but relayers (etc.) SHOULD accept even articles that violate them. NOTE: MAIL does not require white space after the colon, but it is usual. [RFC1036] required the white space, even in empty headers, and some existing software demands it. In MAIL, and arguably in [RFC1036] (although the wording is vague), it is technically Spencer Historic [Page 18] RFC 1849 Son of 1036 March 2010 legitimate for the white space to be part of a continuation line rather than the start-line, but not all existing software will accept this. Deleting empty headers and placing some content on the start-line avoids this issue; this is desirable because trailing blanks, easily deleted by accident, are best not made significant in headers. In general, posters and posting agents SHOULD use blank (ASCII 32), not tab (ASCII 9), where white space is desired in headers. Existing software does not consistently accept tab as synonymous with blank in all contexts. In particular, [RFC1036] appeared to specify that the character immediately following the colon after a header name was required to be a blank, and some news software insists on that, so this character MUST be a blank. Again, posting agents MUST enforce these restrictions but relayers SHOULD be more tolerant. Since the white space beginning a continuation line remains a part of the logical line, headers can be "broken" into multiple lines only at white space. Posting agents SHOULD NOT break headers unnecessarily. Relayers SHOULD preserve existing header breaks, and SHOULD NOT introduce new breaks. Breaking headers SHOULD be a last resort; relayers and reading agents SHOULD handle long header lines gracefully. (See the discussion of size limits in Section 4.6.) 4.3. Body Although the article body is unstructured for most of the purposes of this Draft, structure MAY be imposed on it by other means, notably MIME headers (see Appendix B). 4.3.1. Body Format Issues The body of an article MAY be empty, although posting agents SHOULD consider this an error condition (meriting returning the article to the poster for revision). A posting agent that does not reject such an article SHOULD issue a warning message to the poster and supply a non-empty body. Note that the separator line MUST be present even if the body is empty. NOTE: An empty body is probably a poster error except, arguably, for some control messages, and even they really ought to have a body explaining the reason for the control message. Some old reading agents are known to generate empty bodies for "cancel" control messages, so posting agents might opt not to reject bodyless articles in such cases (although it would be better to fix the reading agents to request a body). However, some existing news software is known to react badly to bodyless articles, hence the request for posting agents to insert a body in such cases. Spencer Historic [Page 19] RFC 1849 Son of 1036 March 2010 NOTE: A possible posting-agent-supplied body text (already used by one widespread posting agent) is "This article was probably generated by a buggy news reader". (The use of "reader" to refer to the reading agent is traditional, although this Draft uses more precise terminology.) NOTE: The requirement for the separator line even in a bodyless article is inherited from MAIL and also distinguishes legitimately bodyless articles from articles accidentally truncated in the middle of the headers. Note that an article body is a sequence of lines terminated by EOLs, not arbitrary binary data, and in particular it MUST end with an EOL. However, relayers SHOULD treat the body of an article as an uninterpreted sequence of octets (except as mandated by changes of EOL representation and by control-message processing) and SHOULD avoid imposing constraints on it. See also Section 4.6. 4.3.2. Body Conventions Although body lines can in principle be very long (see Section 4.6 for some discussion of length limits), posters SHOULD restrict body line lengths to circa 70-75 characters. On systems where text is conventionally stored with EOLs only at paragraph breaks and other "hard return" points, with software breaking lines as appropriate for display or manipulation, posting agents SHOULD insert EOLs as necessary so that posted articles comply with this restriction. NOTE: News originated in environments where line breaks in plain text files were supplied by the user, not the software. Be this good or bad, much reading-agent and posting-agent software assumes that news articles follow this convention, so it is often inconvenient to read or respond to articles that violate it. The "70-75" number comes from the widespread use of display devices that are 80 columns wide (with the number reduced to provide a bit of margin for quoting, see below). Reading agents confronted with body lines much longer than the available output-device width SHOULD break lines as appropriate. Posters are warned that such breaks may not occur exactly where the poster intends. NOTE: "As appropriate" would typically include breaking lines when supplying the text of an article to be quoted in a reply or followup, something that line-breaking reading agents often neglect to do now. Spencer Historic [Page 20] RFC 1849 Son of 1036 March 2010 Although styles vary widely, for plain text it is usual to use no left margin, leave the right edge ragged, use a single empty line to separate paragraphs, and employ normal natural-language usage on matters such as upper/lowercase. (In particular, articles SHOULD NOT be written entirely in uppercase. In environments where posters have access only to uppercase, posting agents SHOULD translate it to lowercase.) NOTE: Most people find substantial bodies of text entirely in uppercase relatively hard to read, while all-lowercase text merely looks slightly odd. The common association of uppercase with strong emphasis adds to this. Tone of voice does not carry well in written text, and misunderstandings are common when sarcasm, parody, or exaggeration for humorous effect is attempted without explicit warning. It has become conventional to use the sequence ":-)", which (on most output devices) resembles a rotated "smiley face" symbol, as a marker for text not meant to be taken literally, especially when humor is intended. This practice aids communication and averts unintended ill-will; posters are urged to use it. A variety of analogous sequences are used with less-standardized meanings [Sanderson]. The order of arrival of news articles at a particular host depends somewhat on transmission paths, and occasionally articles are lost for various reasons. When responding to a previous article, posters SHOULD NOT assume that all readers understand the exact context. It is common to quote some of the previous article to establish context. This SHOULD be done by prefacing each quoted line (even if it is empty) with the character ">". This will result in multiple levels of ">" when quoted context itself contains quoted context. NOTE: It may seem superfluous to put a prefix on empty lines, but it simplifies implementation of functions such as "skip all quoted text" in reading agents. Readability is enhanced if quoted text and new text are separated by an empty line. Posters SHOULD edit quoted context to trim it down to the minimum necessary. However, posting agents SHOULD NOT attempt to enforce this by imposing overly simplistic rules like "no more than 50% of the lines should be quotes". NOTE: While encouraging trimming is desirable, the 50% rule imposed by some old posting agents is both inadequate and counterproductive. Posters do not respond to it by being more selective about quoting; they respond by padding short responses, Spencer Historic [Page 21] RFC 1849 Son of 1036 March 2010 or by using different quoting styles to defeat automatic analysis. The former adds unnecessary noise and volume, while the latter also defeats more useful forms of automatic analysis that reading agents might wish to do. NOTE: At the very least, if a minimum-unquoted quota is being set, article bodies shorter than (say) 20 lines, or perhaps articles that exceed the quota by only a few lines, should be exempt. This avoids the ridiculous situation of complaining about a 5-line response to a 6-line quote. NOTE: A more subtle posting-agent rule, suggested for experimental use, is to reject articles that appear to contain quoted signatures (see below). This is almost certainly the result of a careless poster not bothering to trim down quoted context. Also, if a posting agent or followup agent presents an article template to the poster for editing, it really should take note of whether the poster actually made any changes, and refrain from posting an unmodified template. Some followup agents supply "attribution" lines for quoted context, indicating where it first appeared and under whose name. When multiple levels of quoting are present and quoted context is edited for brevity, "inner" attribution lines are not always retained. The editing process is also somewhat error-prone. Reading agents (and readers) are warned not to assume that attributions are accurate. UNRESOLVED ISSUE: Should a standard format for attribution lines be defined? There is already considerable diversity, but automatic news analysis would be substantially aided by a standard convention. Early difficulties in inferring return addresses from article headers led to "signatures": short closing texts, automatically added to the end of articles by posting agents, identifying the poster and giving his network addresses, etc. If a poster or posting agent does append a signature to an article, the signature SHOULD be preceded with a delimiter line containing (only) two hyphens (ASCII 45) followed by one blank (ASCII 32). Posting agents SHOULD limit the length of signatures, since verbose excess bordering on abuse is common if no restraint is imposed; 4 lines is a common limit. NOTE: While signatures are arguably a blemish, they are a well- understood convention, and conveying the same information in headers exposes it to mangling and makes it rather less conspicuous. A standard delimiter line makes it possible for reading agents to handle signatures specially if desired. Spencer Historic [Page 22] RFC 1849 Son of 1036 March 2010 (This is unfortunately hampered by extensive misunderstanding of, and misuse of, the delimiter.) NOTE: The choice of delimiter is somewhat unfortunate, since it relies on preservation of trailing white space, but it is too well-established to change. There is work underway to define a more sophisticated signature scheme as part of MIME, and this will presumably supersede the current convention in due time. NOTE: Four 75-column lines of signature text is 300 characters, which is ample to convey name and mail-address information in all but the most bizarre situations. 4.4. Characters and Character Sets Header and body lines MAY contain any ASCII characters other than CR (ASCII 13), LF (ASCII 10), and NUL (ASCII 0). NOTE: CR and LF are excluded because they clash with common EOL conventions. NUL is excluded because it clashes with the C end-of-string convention, which is significant to most existing news software. These three characters are unlikely to be transmitted successfully. However, posters SHOULD avoid using ASCII control characters except for tab (ASCII 9), formfeed (ASCII 12), and backspace (ASCII 8). Tab signifies sufficient horizontal white space to reach the next of a set of fixed positions; posters are warned that there is no standard set of positions, so tabs should be avoided if precise spacing is essential. Formfeed signifies a point at which a reading agent SHOULD pause and await reader interaction before displaying further text. Backspace SHOULD be used only for underlining, done by a sequence of underscores (ASCII 95) followed by an equal number of backspaces, signifying that the same number of text characters following are to be underlined. Posters are warned that underlining is not available on all output devices and is best not relied on for essential meaning. Reading agents SHOULD recognize underlining and translate it to the appropriate commands for devices that support it. NOTE: Interpretation of almost all control characters is device- specific to some degree, and devices differ. Tabs and underlining are supported, to some extent, by most modern devices and reading agents, hence the cautious exemptions for them. The underlining method is specified because the inverse method, text and then underscores, is tempting to the naive; however, if sent unaltered to a device that shows only the most recent of several overstruck characters rather than a composite, the result can be utterly unreadable. Spencer Historic [Page 23] RFC 1849 Son of 1036 March 2010 NOTE: A common interpretation of tab is that it is a request to space forward to the next position whose number is one more than a multiple of 8, with positions numbered sequentially starting at 1. (So tab positions are 9, 17, 25, ...) Reading agents not constrained by existing system conventions might wish to use this interpretation. NOTE: It will typically be necessary for a reading agent to catch and interpret formfeed, not just send it to the output device. The actions performed by typical output devices on receiving a formfeed are neither adequate for, nor appropriate to, the pause- for-interaction meaning. Cooperating subnets that wish to employ non-ASCII character sets by using escape sequences (employing, e.g., ESC (ASCII 27), SO (ASCII 14), and SI (ASCII 15)) to alter the meaning of superficially ASCII characters MAY do so, but MUST use MIME headers to alert reading agents to the particular character set(s) and escape sequences in use. A reading agent SHOULD NOT pass such an escape sequence through, unaltered, to the output device unless the agent confirms that the sequence is one used to affect character sets and has reason to believe that the device is capable of interpreting that particular sequence properly. NOTE: Cooperating-subnet organizers are warned that some very old relayers strip certain control characters out of articles they pass along. ESC is known to be among the affected characters. NOTE: There are now standard Internet encodings for Japanese [RFC1345] and Vietnamese [RFC1456] in particular. Articles MUST NOT contain any octet with value exceeding 127, i.e., any octet that is not an ASCII character. NOTE: This rule, like others, may be relaxed by unanimous consent of the members of a cooperating subnet, provided suitable precautions are taken to ensure that rule-violating articles do not leak out of the subnet. (This has already been done in many areas where ASCII is not adequate for the local language(s).) Beware that articles containing non-ASCII octets in headers are a violation of the MAIL specifications and are not valid MAIL messages. MIME offers a way to encode non-ASCII characters in ASCII for use in headers; see Section 4.5. Spencer Historic [Page 24] RFC 1849 Son of 1036 March 2010 NOTE: While there is great interest in using 8-bit character sets, not all software can yet handle them correctly, hence the restriction to cooperating subnets. MIME encodings can be used to transmit such characters while remaining within the octet restriction. In anticipation of the day when it is possible to use non-ASCII characters safely anywhere, and to provide for the (substantial) cooperating subnets that are already using them, transmission paths SHOULD treat news articles as uninterpreted sequences of octets (except perhaps for transformations between EOL representations) and relayers SHOULD treat non-ASCII characters in articles as ordinary characters. NOTE: 8-bit enthusiasts are warned that not all software conforms to these recommendations yet. In particular, standard NNTP [RFC977] is a 7-bit protocol {but in [RFC3977] it has been upped to 8-bit}, and there may be implementations that enforce this rule. Be warned, also, that it will never be safe to send raw binary data in the body of news articles, because changes of EOL representation may (will!) corrupt it. Except where cooperating subnets permit more direct approaches, MIME headers and encodings SHOULD be used to transmit non-ASCII content using ASCII characters; see Section 4.5, Appendix B, and the MIME RFCs for details. If article content can be expressed in ASCII, it SHOULD be. Failing that, the order of preference for character sets is that described in MIME. NOTE: Using the MIME facilities, it is possible to transmit ANY character set, and ANY form of binary data, using only ASCII characters. Equally important, such articles are self-describing and the reading agent can tell which octet-to-symbol mapping is intended! Designation of some preferred character sets is intended to minimize the number of character sets that a reading agent must understand in order to display most articles properly. Articles containing non-ASCII characters, articles using ASCII characters (values 0 through 127) to refer to non-ASCII symbols, and articles using escape sequences to shift character sets SHOULD include MIME headers indicating which character set(s) and conventions are being used. They MUST do so unless such articles are strictly confined to a cooperating subnet that has its own pre-agreed conventions. MIME encodings are preferred over all of these techniques. If it comes to a relayer's attention that it is being asked to pass an article using such techniques outward across what it knows to be the boundary of such a cooperating subnet, it MUST report Spencer Historic [Page 25] RFC 1849 Son of 1036 March 2010 this error to its administrator and MAY refuse to pass the article beyond the subnet boundary. If it does pass the article, it MUST re-encode it with MIME encodings to make it conform to this Draft. NOTE: Such re-encoding is a non-trivial task, due to MIME rules such as the prohibition of nested encodings. It's not just a matter of pouring the body through a simple filter. Reading agents SHOULD note MIME headers and attempt to show the reader the closest possible approximation to the intended content. They SHOULD NOT just send the octets of the article to the output device unaltered, unless there is reason to believe that the output device will indeed interpret them correctly. Reading agents MUST NOT pass ASCII control characters or escape sequences, other than as discussed above, unaltered to the output device; only by chance would the result be the desired one, and there is serious potential for harmful side effects, either accidental or malicious. NOTE: Exactly what to do with unwanted control characters/sequences depends on the philosophy of the reading agent, but passing them straight to the output device is almost always wrong. If the reading agent wants to mark the presence of such a character/sequence in circumstances where only ASCII printable characters are available, translating it to "#" might be a suitable method; "#" is a conspicuous character seldom used in normal text. NOTE: Reading agents should be aware that many old output devices (or the transmission paths to them) zero out the top bit of octets sent to them. This can transform non-ASCII characters into ASCII control characters. Followup agents MUST be careful to apply appropriate transformations of representation to the outbound followup as well as the inbound precursor. A followup to an article containing non-ASCII material is very likely to contain non-ASCII material itself. 4.5. Non-ASCII Characters in Headers All octets found in headers MUST be ASCII characters. However, it is desirable to have a way of encoding non-ASCII characters, especially in "human-readable" headers such as Subject. MIME provides a way to do this. Full details may be found in the MIME specifications; herewith a quick summary to alert software authors to the issues. Spencer Historic [Page 26] RFC 1849 Son of 1036 March 2010 encoded-word = "=?" charset "?" encoding "?" codes "?=" charset = 1*tag-char encoding = 1*tag-char tag-char = < ASCII printable character except !()<>@,;:\"[]/?= > codes = 1*code-char code-char = <ASCII printable character except ?> An encoded word is a sequence of ASCII printable characters that specifies the character set, encoding method, and bits of (potentially) non-ASCII characters. Encoded words are allowed only in certain positions in certain headers. Specific headers impose restrictions on the content of encoded words beyond that specified in this section. Posting agents MUST ensure that any material resembling an encoded word (complete with all delimiters), in a context where encoded words may appear, really is an encoded word. NOTE: The syntax is a bit ugly, but it was designed to minimize chances of confusion with legitimate header contents, and to satisfy difficult constraints on use within existing headers. An encoded word MUST NOT be more than 75 octets long. Each line of a header containing encoded word(s) MUST be at most 76 octets long, not counting the EOL. NOTE: These limits are meant to bound the lookahead needed to determine whether text that begins with "=?" is really an encoded word. The details of charsets and encodings are defined by MIME; the sequence of preferred character sets is the same as MIME's. Encoded words SHOULD NOT be used for content expressible in ASCII. When an encoded word is used, other than in a newsgroup name (see Section 5.5), it MUST be separated from any adjacent non-space characters (including other encoded words) by white space. Reading agents displaying the contents of encoded words (as opposed to their encoded form) should ignore white space adjacent to encoded words. UNRESOLVED ISSUE: Should this section be deleted entirely, or made much more terse? The material is relevant, but too complex to discuss fully. NOTE: The deletion of intervening white space permits using multiple encoded words, implicitly concatenated by the deletion, to encode text that will not fit within a single 75-character encoded word. Spencer Historic [Page 27] RFC 1849 Son of 1036 March 2010 Reading-agent implementors are warned that although this Draft completely specifies where encoded words may appear in the headers it defines, there are other headers (e.g., the MIME Content-Description header) that MAY contain them. 4.6. Size Limits Implementations SHOULD avoid fixed constraints on the sizes of lines within an article and on the size of the entire article. Relayers SHOULD treat the body of an article as an uninterpreted sequence of octets (except as mandated by changes of EOL representation and processing of control messages), not to be altered or constrained in any way. If it is absolutely necessary for an implementation to impose a limit on the length of header lines, body lines, or header logical lines, that limit shall be at least 1000 octets, including EOL representations. Relayers and transmission paths confronted with lines beyond their internal limits (if any) MUST NOT simply inject EOLs at random places; they MAY break headers (as described in Section 4.2.3) as a last resort, and otherwise they MUST either pass the long lines through unaltered, or refuse to pass the article at all (see Section 9.1 for further discussion). NOTE: The limit here is essentially the same minimum as that specified for SMTP mail [RFC821]. Implementors are warned that Path (see Section 5.6) and References (see Section 6.5) headers, in particular, often become several hundred characters long, so 1000 is not an overly generous limit. All implementations MUST be able to handle an article totalling at least 65,000 octets, including headers and EOL representations, gracefully and efficiently. All implementations SHOULD be able to handle an article totalling at least 1,000,000 (one million) octets, including headers and EOL representations, gracefully and efficiently. "Gracefully and efficiently" is intended to preclude not only failures, but also major loss of performance, serious problems in error recovery, or resource consumption beyond what is reasonably necessary. NOTE: The intent here is to prohibit lowering the existing de facto limit any further, while strongly encouraging movement towards a higher one. Actually, although improvements are desirable in some cases, much news software copes reasonably well with very large articles. The same cannot be said of the communications software and protocols used to transmit news from one host to another, especially when slow communications links are Spencer Historic [Page 28] RFC 1849 Son of 1036 March 2010 involved. Occasional huge articles that appear now (by accident or through ignorance) typically leave trails of failing software, system problems, and irate administrators in their wake. NOTE: It is intended that the successor to this Draft will raise the "MUST" limit to 1,000,000 and the "SHOULD" limit still further. Posters SHOULD limit posted articles to at most 60,000 octets, including headers and EOL representations, unless the articles are being posted only within a cooperating subnet that is known to be capable of handling larger articles gracefully. Posting agents presented with a large article SHOULD warn the poster and request confirmation. NOTE: The difference between this and the earlier "MUST" limit is due to margin for header growth, differing EOL representations, and transmission overheads. NOTE: Disagreeable though these limits are, it is a fact that in current networks, an article larger than 64K (after header growth, etc.) simply is not transmitted reliably. Note also the comments above on the trauma caused by single extremely large articles now; the problems are real and current. These problems arguably should be fixed, but this will not happen network-wide in the immediate future, hence the restriction of larger articles to cooperating subnets, for now. Posters using non-ASCII characters in their text MUST take into account the overhead involved in MIME encoding, unless the article's propagation will be entirely limited to a cooperating subnet that does not use MIME encodings for non-ASCII characters. For example, MIME base64 encoding involves growth by a factor of approximately 4/3, so an article that would likely have to use this encoding should be at most about 45,000 octets before encoding. Posters SHOULD use MIME "message/partial" conventions to facilitate automatic reassembly of a large document split into smaller pieces for posting. It is recommended that the content identifier used should be a message ID, generated by the same means as article message IDs (see Section 5.3), and that all parts should have a See-Also header (see Section 6.16) giving the message IDs of at least the previous parts and preferably all of the parts. NOTE: See-Also is more correct for this purpose than References, although References is in common use today (with less-formal reassembly arrangements). MIME reassemblers should probably Spencer Historic [Page 29] RFC 1849 Son of 1036 March 2010 examine articles suggested by References headers if See-Also headers are not present to indicate the whereabouts of the other parts of "message/partial" articles. To repeat: implementations SHOULD avoid fixed constraints on the sizes of lines within an article and on the size of the entire article. 4.7. Example Here is a sample article: From: jerry@eagle.ATT.COM (Jerry Schwarz) Path: cbosgd!mhuxj!mhuxt!eagle!jerry Newsgroups: news.announce Subject: Usenet Etiquette -- Please Read Message-ID: <642@eagle.ATT.COM> Date: Mon, 17 Jan 1994 11:14:55 -0500 (EST) Followup-To: news.misc Expires: Wed, 19 Jan 1994 00:00:00 -0500 Organization: AT&T Bell Laboratories, Murray Hill body body body 5. Mandatory Headers An article MUST have one, and only one, of each of the following headers: Date, From, Message-ID, Subject, Newsgroups, Path. NOTE: MAIL specifies (if read most carefully) that there must be exactly one Date header and exactly one From header, but otherwise does not restrict multiple appearances of headers. (Notably, it permits multiple Message-ID headers!) This appears singularly useless, or even harmful, in the context of news, and much current news software will not tolerate multiple appearances of mandatory headers. Note also that there are situations, discussed in the relevant parts of Section 6, where References, Sender, or Approved headers are mandatory. In the discussions of the individual headers, the content of each is specified using the syntax notation. The convention used is that the content of, for example, the Subject header is defined as <Subject-content>. Spencer Historic [Page 30] RFC 1849 Son of 1036 March 2010 5.1. Date The Date header contains the date and time when the article was submitted for transmission: Date-content = [ weekday "," space ] date space time weekday = "Mon" / "Tue" / "Wed" / "Thu" / "Fri" / "Sat" / "Sun" date = day space month space year day = 1*2digit month = "Jan" / "Feb" / "Mar" / "Apr" / "May" / "Jun" / "Jul" / "Aug" / "Sep" / "Oct" / "Nov" / "Dec" year = 4digit / 2digit time = hh ":" mm [ ":" ss ] space timezone timezone = "UT" / "GMT" / ( "+" / "-" ) hh mm [ space "(" zone-name ")" ] hh = 2digit mm = 2digit ss = 2digit zone-name = 1*( <ASCII printable character except ()\> / space ) This is a restricted subset of the MAIL date format. If a weekday is given, it MUST be consistent with the date. The modern Gregorian calendar is used, and dates MUST be consistent with its usual conventions; for example, if the month is May, the day must be between 1 and 31 inclusive. The year SHOULD be given as four digits, and posting agents SHOULD enforce this; however, relayers MUST accept the two-digit form, and MUST interpret it as having the implicit prefix "19". NOTE: Two-digit year numbers can, should, and must be phased out by 1999. The time is given on the 24-hour clock, e.g., two hours before midnight is "22:00" or "22:00:00". The hh must be between 00 and 23 inclusive, the mm between 0 and 59 inclusive, and the ss between 0 and 60 inclusive. NOTE: Leap seconds very occasionally result in minutes that are 61 seconds long. The date and time SHOULD be given in the poster's local time zone, including a specification of that time zone as a numeric offset (which SHOULD include the time zone name, e.g., "EST", supplied in parentheses like a MAIL comment). If not, they MUST be given in Universal Time (abbreviated "UT"; "GMT" is a historical synonym for Spencer Historic [Page 31] RFC 1849 Son of 1036 March 2010 "UT"). The time zone name in parentheses, if present, is a comment; software MUST ignore it, except that reading agents might wish to display it to the reader. Time zone names other than "UT" and "GMT" MUST appear only in the comment. NOTE: Attempts to deal with a full set of time zone names have all foundered on the vast number of such names in use and the duplications (for example, there are at least FIVE different time zones called "EST" by somebody). Even the limited set of North American zone names authorized by MAIL is subject to confusion and misinterpretation, hence the flat ban on non-UT time zone names, except as comments. NOTE: [RFC1036] specified that use of GMT (aka UT, UTC) was preferred. However, the local time (in the poster's time zone) is arguably information of possible interest to the reader, and this requires some indication of the poster's time zone. Numeric offsets are an unambiguous way of doing this, and their use was indeed sanctioned by [RFC1036] (that is, this is a change of preference only). NOTE: There is frequent confusion, including errors in some news software, regarding the sign of numeric time zones. Zones west of Greenwich have negative offsets. For example, North American Eastern Standard Time is zone -0500 and North American Eastern Daylight Time is zone -0400. NOTE: Implementors are warned that the hh in a time zone can go up to about 14; it is not limited to 12. This is because the International Date Line does not run exactly along the boundary between zone -1200 and zone +1200. NOTE: The comments in Section 2.6 regarding translation to other languages are relevant here. The Date-content format, and the spellings of its components, as found in articles themselves, are always as defined in this Draft, regardless of the language used to interact with readers and posters. Reading and posting agents should translate as appropriate. Actually, even English-language reading and posting agents will probably want to do some degree of translation on dates, if only to abbreviate the lengthy format and (perhaps) translate to and from the reader's time zone. Spencer Historic [Page 32] RFC 1849 Son of 1036 March 2010 5.2. From The From header contains the electronic address, and possibly the full name, of the article's author: From-content = address [ space "(" paren-phrase ")" ] / [ plain-phrase space ] "<" address ">" paren-phrase = 1*( paren-char / space / encoded-word ) paren-char = <ASCII printable character except ()<>\> plain-phrase = plain-word *( space plain-word ) plain-word = unquoted-word / quoted-word / encoded-word unquoted-word = 1*unquoted-char unquoted-char = <ASCII printable character except !()<>@,;:\".[]> quoted-word = quote 1*( quoted-char / space ) quote quote = <" (ASCII 34)> quoted-char = <ASCII printable character except "()<>\> address = local-part "@" domain local-part = unquoted-word *( "." unquoted-word ) domain = unquoted-word *( "." unquoted-word ) (Encoded words are described in Section 4.5.) The full name is distinguished from the electronic address either by enclosing the former in parentheses (making it resemble a MAIL comment, after the address) or by enclosing the latter in angle brackets. The second form is preferred. In the first form, encoded words inside the full name MUST be composed entirely of <paren-char>s. In the second form, encoded words inside the full name may not contain characters other than letters (of either case), digits, and the characters "!", "*", "+", "-", "/", "=", and "_". The local part is case-sensitive (except that all case counterparts of "postmaster" are deemed equivalent), the domain is case-insensitive, and all other parts of the From content are comments that MUST be ignored by news software (except insofar as reading agents may wish to display them to the reader). Posters and posting agents MUST restrict themselves to this subset of the MAIL From syntax; relayers MAY accept a broader subset, but see the discussion in Section 9.1. NOTE: The syntax here is a restricted subset of the MAIL From syntax, with quoting particularly restricted, for simple parsing. In particular, the presence of "<" in the From content indicates that the second form is being used; otherwise, the first form is being used. The major restrictions here are those already de facto imposed by existing software. NOTE: Overly lenient posting agents sometimes permit the second form with a full name containing "(" or ")", but it is extremely rare for a full name to contain "<" or ">", even in mail. Spencer Historic [Page 33] RFC 1849 Son of 1036 March 2010 Accordingly, reading agents wishing to robustly determine which form is in use in a particular article should key on the presence or absence of "<", not the presence or absence of "(". The address SHOULD be a valid and complete Internet domain address, capable of being successfully mailed to by an Internet host (possibly via an MX (Mail Exchange) record and a forwarder). The pseudo-domain ".uucp" MAY be used for hosts registered in the UUCP maps (e.g., name "xyz.uucp" for registered site "xyz"), but such hosts SHOULD discontinue this usage (either by arranging a proper Internet address and forwarder, or by using the "% hack" (see below)), as soon as possible. Bitnet hosts SHOULD use Internet addresses, avoiding the obsolescent ".bitnet" pseudo-domain. Other forms of address MUST NOT be used. NOTE: "Other forms" specifically include UK-style "backward" domains ("uk.oxbridge.cs" is in the Czech Republic, not the UK), pure-UUCP addressing ("knee!shin!foot" instead of "foot%shin@knee.uucp"), and abbreviated domains ("zebra.zoo" instead of "zebra.zoo.toronto.edu"). If it is necessary to use the local part to specify a routing relative to the nearest Internet host, this MUST be done using the "% hack", using "%" as a secondary "@". For example, to specify that mail to the address should go to Internet host "foo.bar.edu", then to non-Internet host "ein", then to non-Internet host "deux", for delivery there to mailbox "fred", a suitable address would be: fred%deux%ein@foo.bar.edu Analogous forms using "!" in the local part MUST NOT be used, as they are ambiguous; they should be expressed in the "%" form. NOTE: "a!b@c" can be interpreted as either "b%c@a" or "b%a@c", and there is no consistency in which choice is made. Such addresses consequently are unreliable. The "%" form does not suffer from this problem, and although its use is officially discouraged, it is a de facto standard, to the point that MAIL recognizes it. Relayers MUST NOT, repeat MUST NOT, repeat MUST NOT, rewrite From lines, in any way, however minor or seemingly innocent. Trying to "fix" a non-conforming address has a very high probability of making things worse. Either pass it along unchanged or reject the article. NOTE: An additional reason for banning the use of "!" addressing is that it has a much higher probability of being rewritten into mangled unrecognizability by old relayers. Spencer Historic [Page 34] RFC 1849 Son of 1036 March 2010 Posters and posting agents SHOULD avoid use of the characters "!" and "@" in full names, as they may trigger unwanted header rewriting by old, simple-minded news software. NOTE: Also, the characters "." and ",", not infrequently found in names (e.g., "John W. Campbell, Jr."), are NOT, repeat NOT, allowed in an unquoted word. A From header like the following MUST NOT be written without the quotation marks: From: "John W. Campbell, Jr." <editor@analog.com> 5.3. Message-ID The Message-ID header contains the article's message ID, a unique identifier distinguishing the article from every other article: Message-ID-content = message-id message-id = "<" local-part "@" domain ">" As with From addresses, a message ID's local part is case-sensitive, and its domain is case-insensitive. The "<" and ">" are parts of the message ID, not peculiarities of the Message-ID header. NOTE: News message IDs are a restricted subset of MAIL message IDs. In particular, no existing news software copes properly with MAIL quoting conventions within the local part, so they are forbidden. This is unfortunate, particularly for X.400 gateways that often wish to include characters that are not legal in unquoted message IDs, but it is impossible to fix net-wide. See the notes on gatewaying in Section 10. The domain in the message ID SHOULD be the full Internet domain name of the posting agent's host. Use of the ".uucp" pseudo-domain (for hosts registered in the UUCP maps) or the ".bitnet" pseudo-domain (for Bitnet hosts) is permissible but SHOULD be avoided. Posters and posting agents MUST generate the local part of a message ID using an algorithm that obeys the specified syntax (words separated by ".", with certain characters not permitted) (see Section 5.2 for details) and will not repeat itself (ever). The algorithm SHOULD NOT generate message IDs that differ only in case of letters. Note the specification in Section 6.5 of a recommended convention for indicating subject changes. Otherwise, the algorithm is up to the implementor. NOTE: The crucial use of message IDs is to distinguish circulating articles from each other and from articles circulated recently. They are also potentially useful as permanent indexing keys, hence Spencer Historic [Page 35] RFC 1849 Son of 1036 March 2010 the requirement for permanent uniqueness, but indexers cannot absolutely rely on this because the earlier RFCs urged it but did not demand it. All major implementations have always generated permanently unique message IDs by design, but in some cases this is sensitive to proper administration, and duplicates may have occurred by accident. NOTE: The most popular method of generating local parts is to use the date and time, plus some way of distinguishing between simultaneous postings on the same host (e.g., a process number), and encode them in a suitably restricted alphabet. An older but now less-popular alternative is to use a sequence number, incremented each time the host generates a new message ID; this is workable but requires careful design to cope properly with simultaneous posting attempts, and it is not as robust in the presence of crashes and other malfunctions. NOTE: Some buggy news software considers message IDs completely case-insensitive, hence the advice to avoid relying on case distinctions. The restrictions placed on the "alphabet" of local parts and domains in Section 5.2 have the useful side effect of making it unnecessary to parse message IDs in complex ways to break them into case-sensitive and case-insensitive portions. The local part of a message ID MUST NOT be "postmaster" or any other string that would compare equal to "postmaster" in a case-insensitive comparison. Message IDs MUST be no longer than 250 octets, including the "<" and ">". NOTE: "Postmaster" is an irksome exception to case-sensitivity in local parts, inherited from MAIL, and simply avoiding it is the best way to deal with it (not that it's likely, but the issue needs to be dealt with). The length limit is undesirable but is present in widely used existing software. The limit is actually 255, but a small safety margin is wise. 5.4. Subject The Subject header's content (the "subject" of the article) is a short phrase describing the topic of the article: Subject-content = [ "Re: " ] nonblank-text Encoded words MAY appear in this header. Spencer Historic [Page 36] RFC 1849 Son of 1036 March 2010 If the article is a followup, the subject SHOULD begin with "Re: " (a "back reference"). If the article is not a followup, the subject MUST NOT begin with a back reference. Back references are case- insensitive, although "Re: " is the preferred form. A followup agent assisting a poster in preparing a followup SHOULD prepend a back reference, UNLESS the subject already begins with one. If the poster determines that the topic of the followup differs significantly from what is described in the subject, a new, more descriptive subject SHOULD be substituted (with no back reference). An article whose subject begins with a back reference MUST have a References header referencing the precursor. NOTE: A back reference is FOUR characters, the fourth being a blank. [RFC1036] was confused about this. Observe also that only ONE back reference should be present. NOTE: There is a semi-standard convention, often used, in which a subject change is flagged by making the new Subject-content of the form: new topic (was: old topic) possibly with "old topic" somewhat truncated. Posters wishing to do something like this are urged to use this exact form, to simplify automated analysis. For historical reasons, the subject MUST NOT begin with "cmsg " (note that this sequence ends with a blank). NOTE: Some old news software takes a subject beginning with "cmsg " as an indication that the article is a control message (see Sections 6.6 and 7). This mechanism is obsolete and undesirable, but accidental triggering of it is still possible. The subject SHOULD be terse. Posters SHOULD avoid trying to cram their entire article into the headers; even the simplest query usually benefits from a sentence or two of elaboration and context, and the details of header display vary widely among reading agents. NOTE: All-in-the-subject articles are sometimes the result of misunderstandings over the interaction protocol of a posting agent. Posting agents might wish to give special attention to the possibility that a poster specifying a very long subject might have thought he was typing the body of the article. Spencer Historic [Page 37] RFC 1849 Son of 1036 March 2010 5.5. Newsgroups The Newsgroups header's content specifies to which newsgroup(s) the article is posted: Newsgroups-content = newsgroup-name *( ng-delim newsgroup-name ) newsgroup-name = plain-component *( "." component ) component = plain-component / encoded-word plain-component = component-start *13component-rest component-start = lowercase / digit lowercase = <letter a-z> component-rest = component-start / "+" / "-" / "_" ng-delim = "," Encoded words used in newsgroup names MUST NOT contain characters other than letters, digits, "+", "-", "/", "_", "=", and "?" (although they may encode them). A newsgroup name consists of one or more components, which may be plain components or (except for the first) encoded words. A plain component MUST contain at least one letter, MUST begin with a letter or digit, and MUST NOT be longer than 14 characters. The first component MUST begin with a letter; subsequent components SHOULD begin with a letter. Newsgroup names MUST NOT contain uppercase letters, except where required by encodings in encoded words. The sequences "all" and "ctl" MUST NOT be used as components. NOTE: The alphabet and syntax specified encompasses all existing names of widespread newsgroups, while avoiding various forms that are known to cause problems. Important existing software uses various non-alphanumeric characters as punctuation adjacent to newsgroup names. (It would, in fact, be preferable to ban "+" from newsgroup names, were it not that several widespread newsgroups related to the C++ programming language already use it.) NOTE: Much existing software converts the newsgroup name into a directory path and stores the articles themselves using numeric filenames, so all-digit name components can be troublesome; the "Great Renaming" early in the history of Usenet included revisions of several newsgroup names to eliminate such components. NOTE: The same storage technique is the reason for the 14-character limit. The limit is now largely historical, since most modern systems have much larger limits on the length of a directory entry's name, but many old systems are still in use. Systems with shorter limits also exist, but news software on such systems has had to deal with the problem already, since there are Spencer Historic [Page 38] RFC 1849 Son of 1036 March 2010 several widespread newsgroups with 14-character components in their names. Implementors are warned that it is intended that the successor to this Draft will increase the 14-character limit, and they are urged to fix their software to handle longer names gracefully (if such fixes are necessary, given the intended domain of application of the particular software). NOTE: The requirement that the first character of a name be a letter accommodates existing software that assumes it can tell the difference between a newsgroup name and other possible syntactic entities by inspecting the first character. Similar considerations motivate excluding "+", "-", and "_" from coming first in a component, and the preference for components that do not begin with digits. The "all" sequence is used as a wildcard symbol in much existing software, and the "ctl" sequence was involved in an obsolete historical mechanism for marking control messages, so they are best avoided. NOTE: Possibly newsgroup names should have been case-insensitive, but all existing software treats them as case-sensitive. ([RFC977] claims that they are case-insensitive in NNTP, but existing implementations are believed to ignore this.) The simplest solution is just to ban use of uppercase letters, since no widespread newsgroup name uses them anyway; this avoids any possibility of confusion. NOTE: The syntax has the disadvantage of containing no white space, making it impossible to continue a Newsgroups header across several lines. Implementors of relayers and reading agents are warned that it is intended that the successor to this Draft will change the definition of ng-delim to: ng-delim = "," [ space ] and are urged to fix their software to handle (i.e., ignore) white space following the commas. Meanwhile, posters must avoid inserting such space (despite the natural-language convention that permits it), and posting agents should strip it out. NOTE: Encoded words as components are somewhat problematic but are clearly desirable for use in non-English-speaking nations. They are not subject to the 14-character limit, and this (plus the possibility of "/" within them) may require special handling in news software. Spencer Historic [Page 39] RFC 1849 Son of 1036 March 2010 Encoded words are allowed in newsgroup names ONLY where non-ASCII characters are necessary to the name, and they must use the "b" encoding [RFC2045] and the first suitable character set in the MIME order of preferred character sets [RFC2047] {ASCII before ISO-8859-* before anything else}. NOTE: Since the newsgroup name is the encoded form, NOT the underlying non-ASCII form, there is room for terrible confusion here if the choice of encoding for a particular name is not fully standardized. Posters SHOULD use only the names of existing newsgroups in the Newsgroups header, because newsgroups are NOT created simply by being posted to. However, it is legitimate to cross-post to newsgroup(s) that do not exist on the posting agent's host, provided that at least one of the newsgroups DOES exist there, and followup agents MUST accept this (posting agents MAY accept it, but SHOULD at least alert the poster to the situation and request confirmation). Relayers MUST NOT rewrite Newsgroups headers in any way, even if some or all of the newsgroups do not exist on the relayer's host. NOTE: Early experience with news software that created newsgroups when they were mentioned in a Newsgroups header was thoroughly negative: posters frequently mistype newsgroup names. NOTE: While it is legitimate for some of an article's newsgroups not to exist on the host where it is posted, this IS a rather unusual situation except in followups (which should go to all newsgroups the precursor was posted to, even if not all of them reach the site where the followup is being posted). NOTE: Rewriting Newsgroups headers to strip locally unknown newsgroups is superficially attractive. However, early experience with exactly that policy was thoroughly negative: news propagation is more redundant and much less orderly than many people imagine, and in particular it is not unheard of for the (sometimes) fastest path between two (say) University of Toronto sites to pass outside the University of Toronto, in which case newsgroup stripping can cause incomplete propagation. Having an article's set of newsgroups change as it propagates can also result in followups not achieving the same propagation as the original. It's been tried; it's more trouble than it's worth; don't do it. NOTE: In particular, newsgroup stripping superficially looks like a solution to the problem of duplicate regional newsgroup names. For example, both the University of Toronto and the University of Texas have "ut.general" newsgroups, and material cross-posted to that name and a global newsgroup appears in both universities' Spencer Historic [Page 40] RFC 1849 Son of 1036 March 2010 local newsgroups. However, the side effects of stripping are sufficiently unacceptable to disqualify it for this purpose. Don't do it. Cross-posting an article to several relevant newsgroups is far superior to posting separate articles with duplicated content to each newsgroup, because reading agents can detect the situation and show the article to a reader only once. Posters SHOULD cross-post rather than duplicate-post. NOTE: On the other hand, cross-posting to a large number of newsgroups usually indicates that the poster has not thought about his audience; articles are rarely pertinent to more than (say) half a dozen newsgroups. Posting agents might wish to request confirmation when the number of newsgroups exceeds (say) five in the presence of a Followup-To header, or (say) two in the absence of such a header. NOTE: One problem with cross-postings is what to do with an article cross-posted to a set of newsgroups including both moderated and unmoderated ones. Posters tend to expect such an article to show up immediately in the unmoderated newsgroups, especially if they do not realize that one or more of the newsgroups is moderated. However, since it is not possible for a moderator to retroactively add an already-posted article to a moderated newsgroup, the only correct action is to mail such an article to one (and only one) of the moderators for action. It is probably best for the posting agent to detect this situation and ask the poster what action is preferred. The acceptable choices are to alter the newsgroup list or to mail to a moderator of the poster's choice; the posting agent should NOT offer duplicate- posting as an easy-to-request option (if only because many moderators will reject a submission that has already been posted to unmoderated newsgroups). NOTE: An article cross-posted to multiple moderated newsgroups really should have approval from all of the moderators involved. In practice, the only straightforward way to do this is to send the article to one of them and have him consult the others. A newsgroup SHOULD NOT appear more than once in the Newsgroups header. Newsgroup names having only one component are reserved for newsgroups whose propagation is restricted to a single host (or the administrative equivalent). It is inadvisable to name a newsgroup Spencer Historic [Page 41] RFC 1849 Son of 1036 March 2010 "poster" because that word has special meaning in the Followup-To header (see Section 6.1). The names "control" and "junk" are frequently used for pseudo-newsgroups internal to relayer implementations, and hence are also best avoided. NOTE: Beware of the duplicate-regional-newsgroup-names problem mentioned above. In particular, there are many, many hosts with a newsgroup named "general", and some surprising things show up in such newsgroups when people cross-post. It is probably better to use multi-component names, which are less likely to be duplicated. Fred's Widget House should use "fwh.general" rather than just "general" as its in-house general-topics newsgroup. It is conventional to reserve newsgroup names beginning with "to." for test messages sent on an essentially point-to-point basis (see also the ihave/sendme protocol described in Section 7.2); newsgroup names beginning with "to." SHOULD NOT be used for any other purpose. The second (and possibly later) components of such a name should, together, comprise the relayer name (see Section 5.6) of a relayer. The newsgroup exists only at the named relayer and its neighbors. The neighbors all pass that newsgroup to the named relayer, while the named relayer does not pass it to anyone. The order of newsgroup names in the Newsgroups header is not significant. 5.6. Path The Path header's content indicates which relayers the article has already visited, so that unnecessary redundant transmission can be avoided: Path-content = [ path-list path-delimiter ] local-part path-list = relayer-name *( path-delimiter relayer-name ) relayer-name = 1*rn-char rn-char = letter / digit / "." / "-" / "_" path-delimiter = "!" The Path content is a list of relayer names, separated by path delimiters, followed (after a final delimiter) by the local part of a mailing address. Each relayer MUST prepend its name, and a delimiter, to the Path content in all articles it processes. A relayer MUST NOT pass an article to a neighboring relayer whose name is already mentioned in an article's path list, unless this is explicitly requested by the neighbor in some way. The Path content is case-sensitive. Spencer Historic [Page 42] RFC 1849 Son of 1036 March 2010 NOTE: The Path header supplied by a posting agent should normally contain only the local part. The relayer that the posting agent passes the article to for posting will prepend its relayer name to get the path list started. NOTE: Observe that the trailing local part is NOT part of the path list. This Path header: Path: fee!fie!foe!fum contains three relayer names: "fee", "fie", and "foe". A relayer named "fum" is still eligible to be sent this article. NOTE: This syntax has the disadvantage of containing no white space, making it impossible to continue a Path header across several lines. Implementors of relayers and reading agents are warned that it is intended that the successor to this Draft will change the definition of path delimiter to: path-delimiter = "!" [ space ] and are urged to fix their software to handle (i.e., ignore) white space following the exclamation points. They are urged to hurry; some ill-behaved systems reportedly already feel free to add such white space. NOTE: [RFC1036] allows considerably more flexibility in choice of delimiter, in theory, but this flexibility has never been used, and most news software does not implement it properly. The grammar reflects the current reality. Note, in particular, that [RFC1036] treats "_" as a delimiter, but in fact it is known to appear in relayer names occasionally. Because an article will not propagate to a relayer already mentioned in its path list, the path list MUST NOT contain any names other than those of relayers the article has passed through AS NEWS. This is trivially obvious for normal news articles but requires attention from the moderators of moderated newsgroups and the implementors and maintainers of gateways. NOTE: For the same reason, a relayer and its neighbors need to agree on the choice of relayer name, and names should not be changed without notifying neighbors. Relayer names need to be unique among all relayers that will ever see the articles using them. A relayer name is normally either an "official" name for the host the relayer runs on, or some other "official" name controlled by the same organization. Except in Spencer Historic [Page 43] RFC 1849 Son of 1036 March 2010 cooperating subnets that agree to some other convention and don't let articles using it escape beyond the subnet, a relayer name MUST be either a UUCP name registered in the UUCP maps (without any domain suffix such as ".UUCP") or a complete Internet domain name. Use of a (registered) UUCP name is recommended, where practical, to keep the length of the path list down. The use of Internet domain names in the path list presents one problem: domain names are case-insensitive, but the path list is case-sensitive. Relayers using domain names as their relayer names MUST pick a standard form for the name and use that form consistently to the exclusion of all others. The preferred form for this purpose, which relayers SHOULD use, is the all-lowercase form. NOTE: It is arguably unfortunate that the path list is case- sensitive, but it is much too late to change this. Most Internet sites do, in any event, use one standardized form of their name almost everywhere. In the ordinary case, where the poster is the author of the article, the local part following the path list SHOULD be the local part of the poster's full Internet domain mailing address. NOTE: It should be just the local part, not the full address. The character "@" does not appear in a Path header. The Path content somewhat resembles a mailing address, particularly in the UUCP world with its manual routing and "!" address syntax. Historically, this resemblance was important, and the Path content was often used as a reply address. This practice has always been somewhat unreliable, since news paths are not always mail paths and news relayer names are not always recognized by mail handlers, and its reliability has generally worsened in recent times. The widespread use of and recognition of Internet domain addresses, even outside the actual Internet, has largely eliminated the problem. Readers SHOULD NOT use the Path content as a reply address. On the other hand, relayer administrators are urged not to break this usage without good reason; where practical, paths followed by news SHOULD be traversable by mail, and mail handlers SHOULD recognize relayer names as host names. It will typically be difficult or impractical for gateways and moderators to supply a Path content that is useful as a reply address for the author, bearing in mind that the path list they supply will normally be empty. (To reiterate: the path list MUST NOT contain any names other than those of relayers the article has passed through AS NEWS.) They SHOULD supply a local part that will result in replies Spencer Historic [Page 44] RFC 1849 Son of 1036 March 2010 to a Path-derived address being returned to the sender with a brief explanation. Software permitting, the local part "not-for-mail" is recommended. NOTE: A moderator or gateway administrator who supplies a local part that delivers such mail to an administrative mailbox will quickly discover why it should be bounced automatically! It is best, however, for the returned message to include an explanation of what has probably happened, rather than just a mysterious "undeliverable mail" complaint, since the sender may not be aware that his/her software is unwisely using the Path content as a reply address. Reply software might wish to question attempts to reply to a Path-derived address ending in "not-for-mail" (which is why a specific name is being recommended here). 6. Optional Headers Many MAIL headers, and many of those specified in present and future MAIL extensions, are potentially applicable to news. Headers specific to MAIL's point-to-point transmission paradigm, e.g., To and Cc, SHOULD NOT appear in news articles. (Gateways wishing to preserve such information for debugging probably SHOULD hide it under different names; prefixing "X-" to the original headers, resulting in forms like "X-To", is suggested.) The following optional headers are either specific to news or of particular note in news articles; an article MAY contain some or all of them. (Note that there are some circumstances in which some of them are mandatory; these are explained under the individual headers.) An article MUST NOT contain two or more headers with any one of these header names. NOTE: The ban on duplicate header names does not apply to headers not specified in this Draft, such as "X-" headers. Software should not assume that all header names in a given article are unique. 6.1. Followup-To The Followup-To header contents specify to which newsgroup(s) followups should be posted: Followup-To-content = Newsgroups-content / "poster" Spencer Historic [Page 45] RFC 1849 Son of 1036 March 2010 The syntax is the same as that of the Newsgroups content, with the exception that the magic word "poster" means that followups should be mailed to the article's reply address rather than posted. In the absence of Followup-To, the default newsgroup(s) for a followup are those in the Newsgroups header. NOTE: The way to request that followups be mailed to a specific address other than that in the From line is to supply "Followup-To: poster" and a Reply-To header. Putting a mailing address in the Followup-To line is incorrect; posting agents should reject or rewrite such headers. NOTE: There is no syntax for "no followups allowed" because "Followup-To: poster" accomplishes this effect without extra machinery. Although it is generally desirable to limit followups to the smallest reasonable set of newsgroups, especially when the precursor was cross-posted widely, posting agents SHOULD NOT supply a Followup-To header except at the poster's explicit request. NOTE: In particular, it is incorrect for the posting agent to assume that followups to a cross-posted article should be directed to the first newsgroup only. Trimming the list of newsgroups should be the poster's decision, not the posting agent's. However, when an article is to be cross-posted to a considerable number of newsgroups, a posting agent might wish to SUGGEST to the poster that followups go to a shorter list. 6.2. Expires The Expires header content specifies a date and time when the article is deemed to be no longer useful and should be removed ("expired"): Expires-content = Date-content The content syntax is the same as that of the Date content. In the absence of Expires, the default is decided by the administrators of each host the article reaches, who MAY also restrict the extent to which the Expires header is honored. The Expires header has two main applications: removing articles whose utility ends on a specific date (e.g., event announcements that can be removed once the day of the event has passed) and preserving articles expected to be of prolonged usefulness (e.g., information aimed at new readers of a newsgroup). The latter application is sometimes abused. Since individual hosts have local policies for expiration of news (depending on available disk space, for instance), Spencer Historic [Page 46] RFC 1849 Son of 1036 March 2010 posters SHOULD NOT provide Expires headers for articles unless there is a natural expiration date associated with the topic. Posting agents MUST NOT provide a default Expires header. Leave it out and allow local policies to be used unless there is a good reason not to. Expiry dates are properly the decision of individual host administrators; posters and moderators SHOULD set only expiry dates with which most administrators would agree. NOTE: A poster preparing an Expires header for an article whose utility ends on a specific day should typically specify the NEXT day as the expiry date. A meeting on July 7th remains of interest on the 7th. 6.3. Reply-To The Reply-To header content specifies a reply address different from the author's address given in the From header: Reply-To-content = From-content In the absence of Reply-To, the reply address is the address in the From header. Use of a Reply-To header is preferable to including a similar request in the article body, because reply-preparation software can take account of Reply-To automatically. 6.4. Sender The Sender header identifies the poster, in the event that this differs from the author identified in the From header: Sender-content = From-content In the absence of Sender, the default poster is the author (named in the From header). NOTE: The intent is that the Sender header have a fairly high probability of identifying the person who really posted the article. The ability to specify a From header naming someone other than the poster is useful but can be abused. If the poster supplies a From header, the posting agent MUST ensure that a Sender header is present, unless it can verify that the mailing address in the From header is a valid mailing address for the poster. A poster-supplied Sender header MAY be used, if its mailing address is verifiably a valid mailing address for the poster; Spencer Historic [Page 47] RFC 1849 Son of 1036 March 2010 otherwise, the posting agent MUST supply a Sender header and delete (or rename, for example, to X-Unverifiable-Sender) any poster- supplied Sender header. NOTE: It might be useful to preserve a poster-supplied Sender header so that the poster can supply the full-name part of the content. The mailing address, however, must be right, hence, the posting agent must generate the Sender header if it is unable to verify the mailing address of a poster-supplied one. NOTE: NNTP implementors, in particular, are urged to note this requirement (which would eliminate the need for ad hoc headers like NNTP-Posting-Host), although there are admittedly some implementation difficulties. A user name from an [RFC1413] server and a host name from an inverse mapping of the address, perhaps with a "full name" comment noting the origin of the information, would be at least a first approximation: Sender: fred@zoo.toronto.edu (RFC-1413@reverse-lookup; not verified) While this does not completely meet the specs, it comes a lot closer than not having a Sender header at all. Even just supplying a placeholder for the user name: Sender: somebody@zoo.toronto.edu (user name unknown) would be better than nothing. 6.5. References The References header content lists message IDs of precursors: References-content = message-id *( space message-id ) A followup MUST have a References header, and an article that is not a followup MUST NOT have a References header. The References-content of a followup MUST be the precursor's References-content (if any) followed by the precursor's message ID. NOTE: Use the See-Also header (Section 6.16) for interconnection of articles that are not in a followup relationship to each other. NOTE: In retrospect, RFCs 850 and 1036, and the implementations whose practice they represented, erred here. The proper MAIL header to use for references to precursors is In-Reply-To, and the References header is meant to be used for the purposes here ascribed to See-Also. This incompatibility is far too solidly Spencer Historic [Page 48] RFC 1849 Son of 1036 March 2010 established to be fixed, unfortunately. The best that can be done is to provide a clear mapping between the two and urge gateways to do the transformation. The news usage is (now) a deliberate violation of the MAIL specifications; articles containing news References headers are technically not valid MAIL messages, although it is unlikely that much MAIL software will notice because the incompatibility is at a subtle semantic level that does not affect the syntax. UNRESOLVED ISSUE: Would it be better to just give up and admit that news uses References for both purposes? UNRESOLVED ISSUE: Should the syntax be generalized to include URLs as alternatives to message IDs? Perhaps not; too many things know about References already. And non-articles can't be precursors of articles, not really. Followup agents SHOULD NOT shorten References headers. If it is absolutely necessary to shorten the header, as a desperate last resort, a followup agent MAY do this by deleting some of the message IDs. However, it MUST NOT delete the first message ID, the last three message IDs (including that of the immediate precursor), or any message ID mentioned in the body of the followup. If it is possible for the followup agent to determine the Subject content of the articles identified in the References header, it MUST NOT delete the message ID of any article where the Subject content changed (other than by prepending of a back reference). The followup agent MUST NOT delete any message ID whose local part ends with "_-_" (underscore (ASCII 95), hyphen (ASCII 45), underscore); followup agents are urged to use this form to mark subject changes and to avoid using it otherwise. NOTE: As software capable of exploiting References chains has grown more common, the random shortening permitted by [RFC1036] has become increasingly troublesome. ANY shortening is undesirable, and software should do it only in cases of dire necessity. In such cases, these rules attempt to limit the damage. NOTE: The first message ID is very important as the starting point of the "thread" of discussion and absolutely should not be deleted. Keeping the last three message IDs gives thread- following software a fighting chance to reconstruct a full thread even if an article or two is missing. Keeping message IDs mentioned in the body is obviously desirable. Spencer Historic [Page 49] RFC 1849 Son of 1036 March 2010 NOTE: Subject changes are difficult to determine, but they are significant as possible beginnings of new threads. The "_-_" convention is provided so that posting agents (which have more information about subjects) can flag articles containing a subject change in a way that followup agents can detect without access to the articles themselves. The sequence is chosen as one that is fairly unlikely to occur by accident. UNRESOLVED ISSUE: Is "_-_" really worth having? When a References header is shortened, at least three blanks SHOULD be left between adjacent message IDs at each point where deletions were made. Software preparing new References headers SHOULD preserve multiple blanks in older References content. NOTE: It's desirable to have some marker of where deletions occurred, but the restricted syntax of the header makes this difficult. Extra white space is not a very good marker, since it may be deleted by software that ill-advisedly rewrites headers, but at least it doesn't break existing software. To repeat: followup agents SHOULD NOT shorten References headers. NOTE: Unfortunately, reading agents and other software analyzing References patterns have to be prepared for the worst anyway. The worst includes random deletions and the possibility of circular References chains (when References is misused in place of See-Also (Section 6.16)). 6.6. Control The Control header content marks the article as a control message and specifies the desired actions (other than the usual ones of filing and passing on the article): Control-content = verb *( space argument ) verb = 1*( letter / digit ) argument = 1*<ASCII printable character> The verb indicates what action should be taken, and the argument(s) (if any) supply details. In some cases, the body of the article may also contain details. Section 7 describes the standard verbs. See also the Also-Control header (Section 6.15). NOTE: Control messages are often processed and filed rather differently than normal articles. Spencer Historic [Page 50] RFC 1849 Son of 1036 March 2010 NOTE: The restriction of verbs to letters and digits is new but is consistent with existing practice and potentially simplifies implementation by avoiding characters significant to command interpreters. Beware that the arguments are under no such restriction in general. NOTE: Two other conventions for distinguishing control messages from normal articles were formerly in use: a three-component newsgroup name ending in ".ctl" or a subject beginning with "cmsg " was considered to imply that the article was a control message. These conventions are obsolete. Do not use them. An article with a Control header MUST NOT have an Also-Control or Supersedes header. 6.7. Distribution The Distribution header content specifies geographic or organizational limits on an article's propagation: Distribution-content = distribution *( dist-delim distribution ) dist-delim = "," distribution = plain-component A distribution is syntactically identical to a one-component newsgroup name and must satisfy the same rules and restrictions. In the absence of Distribution, the default distribution is "world". NOTE: This syntax has the disadvantage of containing no white space, making it impossible to continue a Distribution header across several lines. Implementors of relayers and reading agents are warned that it is intended that the successor to this Draft will change the definition of dist delimiter to: dist-delim = "," [ space ] and are urged to fix their software to handle (i.e., ignore) white space following the commas. A relayer MUST NOT pass an article to another relayer unless configuration information specifies transmission to that other relayer of BOTH (a) at least one of the article's newsgroup(s), and (b) at least one of the article's distribution(s). In effect, the only role of distributions is to limit propagation, by preventing transmission of articles that would have been transmitted had the decision been based solely on newsgroups. Spencer Historic [Page 51] RFC 1849 Son of 1036 March 2010 A posting agent might wish to present a menu of possible distributions, or suggest a default, but normally SHOULD NOT supply a default without giving the poster a chance to override it. A followup agent SHOULD initially supply the same Distribution header as found in the precursor, although the poster MAY alter this if appropriate. Despite the syntactic similarity and some historical confusion, distributions are NOT newsgroup names. The whole point of putting a distribution on an article is that it is DIFFERENT from the newsgroup(s). In general, a meaningful distribution corresponds to some sort of region of propagation: a geographical area, an organization, or a cooperating subnet. NOTE: Distributions have historically suffered from the completely uncontrolled nature of their name space, the lack of feedback to posters on incomplete propagation resulting from use of random trash in Distribution headers, and confusion with newsgroups (arising partly because many regions and organizations DO have internal newsgroups with names resembling their internal distributions). This has resulted in much garbage in Distribution headers, notably the pointless practice of automatically supplying the first component of the newsgroup name as a distribution (which is MOST unlikely to restrict propagation!). Many sites have opted to maximize propagation of such ill-formed articles by essentially ignoring distributions. This unfortunately interferes with legitimate uses. The situation is bad enough that distributions must be considered largely useless except within cooperating subnets that make an organized effort to restrain propagation of their internal distributions. NOTE: The distributions "world" and "local" have no standard magic meaning (except that the former is the default distribution if none is given). Some pieces of software do assign such meanings to them. 6.8. Keywords The Keywords header content is one or more phrases intended to describe some aspect of the content of the article: Keywords-content = plain-phrase *( "," [ space ] plain-phrase ) Keywords, separated by commas, each follow the <plain-phrase> syntax defined in Section 5.2. Encoded words in keywords MUST NOT contain characters other than letters (of either case), digits, and the characters "!", "*", "+", "-", "/", "=", and "_". Spencer Historic [Page 52] RFC 1849 Son of 1036 March 2010 NOTE: Posters and posting agents are asked to take note that keywords are separated by commas, not by white space. The following Keywords header contains only one keyword (a rather unlikely and improbable one): Keywords: Thompson Ritchie Multics Linux and should probably have been written: Keywords: Thompson, Ritchie, Multics, Linux This particular error is unfortunately rather widespread. NOTE: Reading agents and archivers preparing indexes of articles should bear in mind that user-chosen keywords are notoriously poor for indexing purposes unless the keywords are picked from a predefined set (which they are not in this case). Also, some followup agents unwisely propagate the Keywords header from the precursor into the followup by default. At least one news-based experiment has found the contents of Keywords headers to be completely valueless for indexing. 6.9. Summary The Summary header content is a short phrase summarizing the article's content: Summary-content = nonblank-text As with the subject, no restriction is placed on the content since it is intended solely for display to humans. NOTE: Reading agents should be aware that the Summary header is often used as a sort of secondary Subject header, and (if present) its contents should perhaps be displayed when the subject is displayed. The summary SHOULD be terse. Posters SHOULD avoid trying to cram their entire article into the headers; even the simplest query usually benefits from a sentence or two of elaboration and context, and not all reading agents display all headers. 6.10. Approved The Approved header content indicates the mailing addresses (and possibly the full names) of the persons or entities approving the article for posting: Spencer Historic [Page 53] RFC 1849 Son of 1036 March 2010 Approved-content = From-content *( "," [ space ] From-content ) An Approved header is required in all postings to moderated newsgroups; the presence or absence of this header allows a posting agent to distinguish between articles posted by the moderator (which are normal articles to be posted normally) and attempted contributions by others (which should be mailed to the moderator for approval). An Approved header is also required in certain control messages, to reduce the probability of accidental posting of same; see the relevant parts of Section 7. NOTE: There is, at present, no way to authenticate Approved headers to ensure that the claimed approval really was bestowed. Nor is there an established mechanism for even maintaining a list of legitimate approvers (such a list would quickly become out of date if it had to be maintained by hand). Such mechanisms, presumably relying on cryptographic authentication, would be a worthwhile extension to this Draft, and experimental work in this area is encouraged. (The problem is harder than it sounds because news is used on many systems that do not have real-time access to key servers.) NOTE: Relayer implementors, please note well: it is the POSTING AGENT that is authorized to distinguish between moderator postings and attempted contributions, and to mail the latter to the moderator. As discussed in Section 9.1, relayers MUST NOT, repeat MUST NOT, send such mail; on receipt of an unApproved article in a moderated newsgroup, they should discard the article, NOT transform it into a mail message (except perhaps to a local administrator). NOTE: [RFC1036] restricted Approved to a single From-content. However, multiple moderation is no longer rare, and multi- moderator Approved headers are already in use. 6.11. Lines The Lines header content indicates the number of lines in the body of the article: Lines-content = 1*digit The line count includes all body lines, including the signature (if any) and including empty lines (if any) at the beginning or end of the body. (The single empty separator line between the headers and the body is not part of the body.) The "body" here is the body as found in the posted article, AFTER all transformations such as MIME encodings. Spencer Historic [Page 54] RFC 1849 Son of 1036 March 2010 Reading agents SHOULD NOT rely on the presence of this header, since it is optional (and some posting agents do not supply it). They MUST NOT rely on it being precise, since it frequently is not. NOTE: The average line length in article bodies is surprisingly consistent at about 40 characters, and since the line count typically is used only for approximate judgements ("is this too long to read quickly?"), dividing the byte count of the body by 40 gives an estimate of the body line count that is adequate for normal use. This estimate is NOT adequate if the body has been MIME encoded, but neither is the Lines header: at least one major relayer will add a Lines header to an article that lacks one, without considering the possibility of MIME encodings when computing the line count. NOTE: It would be better to have a Content-Size header as part of MIME, so that body parts could have their own sizes, and so that the units used could be appropriate to the data type (line count is not a useful measure of the size of an encoded image, for example). Doing this is preferable to trying to fix Lines. UNRESOLVED ISSUE: Update on Content-Size? Relayers SHOULD discard this header if they find it necessary to re-encode the article in such a way that the original Lines header would be rendered incorrect. 6.12. Xref The Xref header content indicates where an article was filed by the last relayer to process it: Xref-content = relayer 1*( space location ) relayer = relayer-name location = newsgroup-name ":" article-locator article-locator = 1*<ASCII printable character> The relayer's name is included so that software can determine which relayer generated the header (and specifically, whether it really was the one that filed the copy being examined). The locations specify what newsgroups the article was filed under (which may differ from those in the Newsgroups header) and where it was filed under them. The exact form of an article locator is implementation-specific. NOTE: Reading agents can exploit this information to avoid presenting the same article to a reader several times. The information is sometimes available in system databases, but having it in the article is convenient. Relayers traditionally generate Spencer Historic [Page 55] RFC 1849 Son of 1036 March 2010 an Xref header only if the article is cross-posted, but this is not mandatory, and there is at least one new application ("mirroring": keeping news databases on two hosts identical) where the header is useful in all articles. NOTE: The traditional form of an article locator is a decimal number, with articles in each newsgroup numbered consecutively starting from 1. NNTP [RFC977] demands that such a model be provided, and there may be other software that expects it, but it seems desirable to permit flexibility for unorthodox implementations. A relayer inserting an Xref header into an article MUST delete any previous Xref header. A relayer that is not inserting its own Xref header SHOULD delete any previous Xref header. A relayer MAY delete the Xref header when passing an article on to another relayer. NOTE: [RFC1036] specified that the Xref header was not transmitted when an article was passed to another relayer, but the major news implementations have never obeyed this rule, and applications like mirroring depend on this disobedience. A relayer MUST use the same name in Xref headers as it uses in Path headers. Reading agents MUST ignore an Xref header containing a relayer name that differs from the one that begins the path list. 6.13. Organization The Organization header content is a short phrase identifying the poster's organization: Organization-content = nonblank-text This header is typically supplied by the posting agent. The Organization content SHOULD mention geographical location (e.g., city and country) when it is not obvious from the organization's name. NOTE: The motive here is that the organization is often difficult to guess from the mailing address, is not always supplied in a signature, and can help identify the poster to the reader. NOTE: There is no "s" in "Organization". The Organization content is provided for identification only and does not imply that the poster speaks for the organization or that the article represents organization policy. Posting agents SHOULD permit the poster to override a local default Organization header. Spencer Historic [Page 56] RFC 1849 Son of 1036 March 2010 6.14. Supersedes The Supersedes header content specifies articles to be cancelled on arrival of this one: Supersedes-content = message-id *( space message-id ) Supersedes is equivalent to Also-Control (Section 6.15) with an implicit verb of "cancel" (Section 7.1). NOTE: Supersedes is normally used where the article is an updated version of the one(s) being cancelled. NOTE: Although the ability to use multiple message IDs in Supersedes is highly desirable (see Section 7.1), posters are warned that existing implementations often do not correctly handle more than one. NOTE: There is no "c" in "Supersedes". An article with a Supersedes header MUST NOT have an Also-Control or Control header. 6.15. Also-Control The Also-Control header content marks the article as being a control message IN ADDITION to being a normal news article and specifies the desired actions: Also-Control-content = Control-content An article with an Also-Control header is filed and passed on normally, but the content of the Also-Control header is processed as if it were found in a Control header. NOTE: It is sometimes desirable to piggyback control actions on a normal article, so that the article will be filed normally but will also be acted on as a control message. This header is essentially a generalization of Supersedes. NOTE: Be warned that some old relayers do not implement Also-Control. An article with an Also-Control header MUST NOT have a Control or Supersedes header. Spencer Historic [Page 57] RFC 1849 Son of 1036 March 2010 6.16. See-Also The See-Also header content lists message IDs of articles that are related to this one but are not its precursors: See-Also-content = message-id *( space message-id ) See-Also resembles References, but without the restrictions imposed on References by the followup rules. NOTE: See-Also provides a way to group related articles, such as the parts of a single document that had to be split across multiple articles due to its size, or to cross-reference between parallel threads. NOTE: See the discussion (in Section 6.5) on MAIL compatibility issues of References and See-Also. NOTE: In the specific case where it is desired to essentially make another article PART of the current one, e.g., for annotation of the other article, MIME's "message/external-body" convention can be used to do so without actual inclusion. "news-message-ID" was registered as a standard external-body access method, with a mandatory NAME parameter giving the message ID and an optional SITE parameter suggesting an NNTP site that might have the article available (if it is not available locally), by IANA 22 June 1993. UNRESOLVED ISSUE: Could the syntax be generalized to include URLs as alternatives to message IDs? Here it makes much more sense than in References. 6.17. Article-Names The Article-Names header content indicates any special significance the article may have in particular newsgroups: Article-Names-content = 1*( name-clause space ) name-clause = newsgroup-name ":" article-name article-name = letter 1*( letter / digit / "-" ) Each name clause specifies a newsgroup (which SHOULD be among those in the Newsgroups header) and an article name local to that newsgroup. Article names MAY be used by relayers to file the article in special ways, or they MAY just be noted for possible special attention by reading agents. Article names are case-sensitive. Spencer Historic [Page 58] RFC 1849 Son of 1036 March 2010 NOTE: This header provides a way to mark special postings, such as introductions, frequently-asked-question lists, etc., so that reading agents have a way of finding them automatically. The newsgroup name is specified for each article name because the names may be newsgroup-specific; for example, many frequently- asked-question lists are posted to "news.answers" in addition to their "home" newsgroup, and they would not be known by the same name(s) in both newsgroups. The Article-Names header SHOULD be ignored unless the article also contains an Approved header. NOTE: This stipulation is made in anticipation of the possibility that Approved headers will be involved in cryptographic authentication. The presence of an Article-Names header does not necessarily imply that the article will be retained unusually long before expiration, or that previous article(s) with similar Article-Names headers will be cancelled by its arrival. Posters preparing special postings SHOULD include appropriate other headers, such as Expires and Supersedes, to request such actions. Different networks MAY establish different sets of article names for the special postings they deem significant; it is preferable for usage to be standardized within networks, although it might be desirable for individual newsgroups to have different naming conventions in some situations. Article names MUST be 14 characters or less. The following names are suggested but are not mandatory: intro Introduction to the newsgroup for newcomers. charter Charter, rules, organization, moderation policies, etc. background Biographies of special participants, history of the newsgroup, notes on related newsgroups, etc. subgroups Descriptions of sub-newsgroups under this newsgroup, e.g., "sci.space.news" under "sci.space". facts Information relating to the purpose of the newsgroup, e.g., an acronym glossary in "sci.space". references Where to get more information: books, journals, FTP repositories, etc. faq Answers to frequently asked questions. Spencer Historic [Page 59] RFC 1849 Son of 1036 March 2010 menu If present, a list of all of the other article names local to this newsgroup, with brief descriptions of their contents. Such articles may be divided into subsections using the MIME "multipart/mixed" conventions. If size considerations make it necessary to split such articles, names ending in a hyphen and a part number are suggested; for example, a three-part frequently-asked- questions list could have article names "faq-1", "faq-2", and "faq-3". NOTE: It is somewhat premature to attempt to standardize article names, since this is essentially a new feature with no experience behind it. However, if reading agents are to attach special significance to these names, some attempt at standard conventions is imperative. This is a first attempt at providing some. 6.18. Article-Updates The Article-Updates header content indicates what previous articles this one is deemed (by the poster) to update (i.e., replace): Article-Updates-content = message-id *( space message-id ) Each message ID identifies a previous article that this one is deemed to update. This MUST NOT cause the previous article(s) to be cancelled or otherwise altered, unless this is implied by other headers (e.g., Supersedes); Article-Updates is merely an advisory that MAY be noted for special attention by reading agents. NOTE: This header provides a way to mark articles that are only minor updates of previous ones, containing no significant new information and not worth reading if the previous ones have been read. NOTE: If suitable conventions using MIME multipart bodies and the "message/external-body" body-part type can be developed, a replacing article might contain only differences between the old text and the new text, rather than a complete new copy. This is the motivation for not making Article-Updates also function as Supersedes does: the replacing article might depend on the continued presence of the replaced article. 7. Control Messages The following sections document the currently defined control messages. "Message" is used herein as a synonym for "article" unless context indicates otherwise. Spencer Historic [Page 60] RFC 1849 Son of 1036 March 2010 Posting agents are warned that since certain control messages require article bodies in quite specific formats, signatures SHOULD NOT be appended to such articles, and it may be wise to take greater care than usual to avoid unintended (although perhaps well-meaning) alterations to text supplied by the poster. Relayers MUST assume that control messages mean what they say; they MAY be obeyed as is or rejected, but MUST NOT be reinterpreted. The execution of the actions requested by control messages is subject to local administrative restrictions, which MAY deny requests or refer them to an administrator for approval. The descriptions below are generally phrased in terms suggesting mandatory actions, but any or all of these MAY be subject to local administrative approval (either as a class or case-by-case). Analogously, where the description below specifies that a message or portion thereof is to be ignored, this action MAY include reporting it to an administrator. NOTE: The exact choice of local action might depend on what action the control message requests, who it claims to come from, etc. Relayers MUST propagate even control messages they do not understand. In the following sections, each type of control message is defined syntactically by defining its arguments and its body. For example, "cancel" is defined by defining cancel-arguments and cancel-body. 7.1. cancel The cancel message requests that one or more previous articles be "cancelled": cancel-arguments = message-id *( space message-id ) cancel-body = body The argument(s) identify the articles to be cancelled, by message ID. The body is a comment, which software MUST ignore, and SHOULD contain an indication of why the cancellation was requested. The cancel message SHOULD be posted to the same newsgroup(s), with the same distribution(s), as the article(s) it is attempting to cancel. NOTE: Using the same newsgroups and distributions maximizes the chances of the cancel message propagating everywhere the target articles went. NOTE: [RFC1036] permitted only a single message-id in a cancel message. Support for cancelling multiple articles is highly desirable, especially for use with Supersedes (see Section 6.14). If several revisions of an article appear in fast succession, each Spencer Historic [Page 61] RFC 1849 Son of 1036 March 2010 using Supersedes to cancel the previous one, it is possible for a middle revision to be destroyed by cancellation before it is propagated onward to cancel its predecessor. Allowing each article to cancel several predecessors greatly alleviates this problem. (Posting agents preparing a cancel of an article that itself cancels other articles might wish to add those articles to the cancel-arguments.) However, posters should be aware that much old software does not implement multiple cancellation properly and should avoid using it when reliable cancellation is vitally important. When an article (the "target article") is to be cancelled, there are four cases of interest: the article hasn't arrived yet, it has arrived and been filed and is available for reading, it has expired and been archived on some less-accessible storage medium, or it has expired and been deleted. The next few paragraphs discuss each case in turn (in reverse order, which is convenient for the explanation). EXPIRED AND DELETED. Take no action. EXPIRED AND ARCHIVED. If the article is readily accessible and can be deleted or made unreadable easily, treat as under AVAILABLE below. Otherwise, treat as under EXPIRED AND DELETED. NOTE: While it is desirable for archived articles to be cancellable, this can easily involve rewriting an entire archive volume just to get rid of one article, perhaps with manual actions required to arrange it. It is difficult to envision a situation so dire as to require such measures from hundreds or thousands of administrators, or for that matter one in which widespread compliance with such a request is likely. AVAILABLE. Compare the mailing addresses from the From lines of the cancel message and the target article, bearing in mind that local parts (except for "postmaster") are case-sensitive and domains are case-insensitive. If they do not match, either refer the issue to an administrator for a case-by-case decision, or treat as if they matched. NOTE: It is generally trivial to forge articles, so nothing short of cryptographic authentication is really adequate to ensure that a cancel came from the original article's author. Moreover, it is highly desirable to permit authorities other than the author to cancel articles, to allow for cases in which the author is unavailable, uncooperative, or malicious, and in which damage and/or legal problems may be minimized by prompt cancellation. Spencer Historic [Page 62] RFC 1849 Son of 1036 March 2010 Reliable authentication that would permit such administrative cancels would be a worthwhile extension to this Draft, and experimental work in this area is encouraged. NOTE: Meanwhile, a simple check of addresses is useful accident prevention and catches at least the most simple-minded forgers. Since the intent is accident prevention rather than ironclad security, use of the From address is appropriate, all the more so because in the presence of gateways (especially redundant multiple gateways), the author may not have full control over Sender headers. NOTE: The "refer... or treat as if they matched" rule is intended to specifically forbid quietly ignoring cancels with mismatched addresses. If the addresses match, then if technically possible, the relayer MUST delete the target article completely and immediately. Failing that, it MUST make the target article unreadable (preferably to everyone, minimally to everyone but the administrator) and either arrange for it to be deleted as soon as possible or notify an administrator at once. NOTE: To allow for events such as criminal actions, malicious forgeries, and copyright infringements, where damage and/or legal problems may be minimized by prompt cancellation, complete removal is strongly preferred over merely making the target article unreadable. The potential for malice is outweighed by the importance of really getting rid of the target article in some legitimate cases. (In cases of inadvertent copyright violation in particular, the ability to quickly remedy the violation is of considerable legal importance.) Failing that, making it unreadable is better than nothing. NOTE: Merely annotating the article so that readers see an indication that the author wanted it cancelled is not acceptable. Making the article unreadable is the minimum action. NOTE: There have been experiments with making cancelled articles unreadable, so that local news administrators could reverse cancellations. In practice, administrators almost never find cause to do so. Removal appears to be clearly preferable where technically feasible. Spencer Historic [Page 63] RFC 1849 Son of 1036 March 2010 NOT ARRIVED YET. If practical, retain the cancel message until the target article does arrive, or until there is no further possibility of it arriving and being accepted (see Section 9.2), and then treat as under AVAILABLE. Failing that, arrange for the target article to be rejected and discarded if it does arrive. NOTE: It may well be impractical to retain the control message, given uncertainty about whether the target article will ever arrive. Existing practice in such cases is to assume that addresses would match and arrange the equivalent of deletion. This is often done by making a spurious entry in a database of already-seen message IDs (see Section 9.3), so that if the article does arrive, it will be rejected as a duplicate. The cancel message MUST be propagated onward in the usual fashion, regardless of which of the four cases applied, so that the target article will be cancelled everywhere even if cancellation and target article follow different routes. NOTE: [RFC1036] appeared to require stopping cancel propagation in the NOT ARRIVED YET case, although the wording was somewhat unclear. This appears to have been an unwise decision; there are known cases of important cancellations (in situations of inadvertent copyright violation, for example) achieving rather poorer propagation than the target article. News propagation is often a much less orderly process than the authors of [RFC1036] apparently envisioned. Modern implementations generally propagate the cancellation regardless. Posting agents meant for use by ordinary posters SHOULD reject an attempt to post a cancel message if the target article is available and the mailing address in its From header does not match the one in the cancel message's From header. NOTE: This, again, is primarily accident prevention. 7.2. ihave, sendme The ihave and sendme control messages implement a crude batched predecessor of the NNTP [RFC977] protocol. They are largely obsolete in the Internet but still see use in the UUCP environment, especially for backup feeds that normally are active only when a primary feed path has failed. NOTE: The ihave and sendme messages defined here have ABSOLUTELY NOTHING TO DO WITH NNTP, despite similarities of terminology. Spencer Historic [Page 64] RFC 1849 Son of 1036 March 2010 The two messages share the same syntax: ihave-arguments = *( message-id space ) relayer-name sendme-arguments = ihave-arguments ihave-body = *( message-id eol ) sendme-body = ihave-body Message IDs MUST appear in either the arguments or the body, but not both. Relayers SHOULD generate the form putting message IDs in the body, but the other form MUST be supported for backward compatibility. NOTE: [RFC1036] made the relayer name optional, but difficulties could easily ensue in determining the origin of the message, and this option is believed to be unused nowadays. Putting the message IDs in the body is strongly preferred over putting them in the arguments because it lends itself much better to large numbers of message IDs and avoids the empty-body problem mentioned in Section 4.3.1. The ihave message states that the named relayer has filed articles with the specified message IDs, which may be of interest to the relayer(s) receiving the ihave message. The sendme message requests that the relayer receiving it send the articles having the specified message IDs to the named relayer. These control messages are normally sent essentially as point-to- point messages, by using "to." newsgroups (see Section 5.5) that are sent only to the relayer for which the messages are intended. The two relayers MUST be neighbors, exchanging news directly with each other. Each relayer advertises its new arrivals to the other using ihave messages, and each uses sendme messages to request the articles it lacks. NOTE: Arguably these point-to-point control messages should flow by some other protocol, e.g., mail, but administrative and interfacing issues are simplified if the news system doesn't need to talk to the mail system. To reduce overhead, ihave and sendme messages SHOULD be sent relatively infrequently and SHOULD contain substantial numbers of message IDs. If ihave and sendme are being used to implement a backup feed, it may be desirable to insert a delay between reception of an ihave and generation of a sendme, so that a slightly slow primary feed will not cause large numbers of articles to be requested unnecessarily via sendme. Spencer Historic [Page 65] RFC 1849 Son of 1036 March 2010 7.3. newgroup The newgroup control message requests that a new newsgroup be created: newgroup-arguments = newsgroup-name [ space moderation ] moderation = "moderated" / "unmoderated" newgroup-body = body / [ body ] descriptor [ body ] descriptor = descriptor-tag eol description-line eol descriptor-tag = "For your newsgroups file:" description-line = newsgroup-name space description description = nonblank-text [ " (Moderated)" ] The first argument names the newsgroup to be created, and the second one (if present) indicates whether it is moderated. If there is no second argument, the default is "unmoderated". NOTE: Implementors are warned that there is occasional use of other forms in the second argument. It is suggested that such violations of this Draft, which are also violations of [RFC1036], cause the newgroup message to be ignored. [RFC1036] was slightly vague about how second arguments other than "moderated" were to be treated (specifically, whether they were illegal or just ignored), but it is thought that all existing major implementations will handle "unmoderated" correctly, and it appears desirable to tighten up the specs to make it possible for other forms to be used in future. The body is a comment, which software MUST ignore, except that if it contains a descriptor, the description line is intended to be suitable for addition to a list of newsgroup descriptions. The description cannot be continued onto later lines but is not constrained to any particular length. Moderated newsgroups have descriptions that end with the string " (Moderated)" (note that this string begins with a blank). NOTE: It is unfortunate that the description line is part of the body, rather than being supplied in a header, but this is established practice. Newsgroup creators are cautioned that the descriptor tag must be reproduced exactly as given above, must be alone on a line, and that it is case-sensitive. (To reduce errors in this regard, posting agents might wish to question or reject newgroup messages that do not contain a descriptor.) Given the desire for short lines, description writers should avoid content- free phrases like "discussion of" and "news about", and stick to defining what the newsgroup is about. Spencer Historic [Page 66] RFC 1849 Son of 1036 March 2010 The remainder of the body SHOULD contain an explanation of the purpose of the newsgroup and the decision to create it. NOTE: Criteria for newsgroup creation vary widely and are outside the scope of this Draft, but if formal procedures of one kind or another were followed in the decision, the body should mention this. Administrators often look for such information when deciding whether to comply with creation/deletion requests. A newgroup message that lacks an Approved header MUST be ignored. NOTE: It would also be desirable to ignore a newgroup message unless its Approved header names a person who is authorized (in some sense) to create such a newsgroup. A cooperating subnet with sufficiently strong coordination to maintain a correct and current list of authorized creators might wish to do so for its internal newsgroups. It also (or alternatively) might wish to ignore a newgroup message for an internal newsgroup that was posted (or cross-posted) to a non-internal newsgroup. NOTE: As mentioned in Section 6.10, some form of (cryptographic?) authentication of Approved headers would be highly desirable, especially for control messages. It would be desirable to provide some way of supplying a moderator's address in a newgroup message for a moderated newsgroup, but this will cause problems unless effective authentication is available, so it is left for future work. NOTE: This leaves news administrators stuck with the annoying chore of arranging proper mailing of moderated-newsgroup submissions. On Usenet, this can be simplified by exploiting a forwarding facility that some major sites provide: they maintain forwarding addresses, each the name of a moderated newsgroup with all periods (".", ASCII 46) replaced by hyphens ("-", ASCII 45), which forward mail to the current newsgroup moderators. More advice on the subject of forwarding to moderators can be found in the document titled "How to Construct the Mailpaths File", posted regularly to the Usenet newsgroups news.lists, news.admin.misc, and news.answers. A newgroup message naming a newsgroup that already exists is requesting a change in the moderation status or description of the newsgroup. The same rules apply. Spencer Historic [Page 67] RFC 1849 Son of 1036 March 2010 7.4. rmgroup The rmgroup message requests that a newsgroup be deleted: rmgroup-arguments = newsgroup-name rmgroup-body = body The sole argument is the newsgroup name. The body is a comment, which software MUST ignore; it SHOULD contain an explanation of the decision to delete the newsgroup. NOTE: Criteria for newsgroup deletion vary widely and are outside the scope of this Draft, but if formal procedures of one kind or another were followed in the decision, the body should mention this. Administrators often look for such information when deciding whether to comply with creation/deletion requests. A rmgroup message that lacks an Approved header MUST be ignored. NOTE: It would also be desirable to ignore a rmgroup message unless its Approved header names a person who is authorized (in some sense) to delete such a newsgroup. A cooperating subnet with sufficiently strong coordination to maintain a correct and current list of authorized deleters might wish to do so for its internal newsgroups. It also (or alternatively) might wish to ignore a rmgroup message for an internal newsgroup that was posted (or cross-posted) to a non-internal newsgroup. Unexpected deletion of a newsgroup being a disruptive action, implementations are strongly advised to refer rmgroup messages to an administrator by default, unless perhaps the message can be determined to have originated within a cooperating subnet whose members are considered trustworthy. Abuses have occurred. 7.5. sendsys, version, whogets The sendsys message requests that a description of the relayer's news feeds to other relayers be mailed to the article's reply address: sendsys-arguments = [ relayer-name ] sendsys-body = body If there is an argument, relayers other than the one named by the argument MUST NOT respond. The body is a comment, which software MUST ignore; it SHOULD contain an explanation of the reason for the request. Spencer Historic [Page 68] RFC 1849 Son of 1036 March 2010 The version message requests that the name and version of the relayer software be mailed to the reply address: version-arguments = version-body = body There are no arguments. The body is a comment, which software MUST ignore; it SHOULD contain an explanation of the reason for the request. The whogets message requests that a description of the relayer and its news feeds to other relayers be mailed to the article's reply address: whogets-arguments = newsgroup-name [ space relayer-name ] whogets-body = body The first argument is the name of the "target newsgroup", specifying the newsgroup for which propagation information is desired. This MUST be a complete newsgroup name, not the name of a hierarchy or a portion of a newsgroup name that is not itself the name of a newsgroup. If there is a second argument, only the relayer named by that argument should respond. The body is a comment, which software MUST ignore; it SHOULD contain an explanation of the reason for the request. NOTE: Whogets is intended as a replacement for sendsys (and version) with a precisely specified reply format. Since the syntax for specifying what newsgroups get sent to what other relayers varies widely between different forms of relayer software, the only practical way to standardize the reply format is to indicate a specific newsgroup and ask where THAT newsgroup propagates. The requirement that it be a complete newsgroup name is intended to (largely) avoid the problem of having to answer "yes and no" in cases where not all newsgroups in a hierarchy are sent. Any of these messages lacking an Approved header MUST be ignored. Response to any of these messages SHOULD be delayed for at least 24 hours, and no response should be attempted if the message has been cancelled in that time. Also, no response SHOULD be attempted unless the local part of the destination address is "newsmap". News administrators SHOULD arrange for mail to "newsmap" on their systems to be discarded (without reply) unless legitimate use is in progress. NOTE: Because these messages can cause many, many relayers to send mail to one person, such messages, specifying mailing to an innocent person's mailbox, have been forged as a half-witted Spencer Historic [Page 69] RFC 1849 Son of 1036 March 2010 practical joke. A delay gives administrators time to notice a fraudulent message and act (by cancelling the message, preparing to divert the flood of mail into the bit bucket, or both). Restriction of the destination address to "newsmap" reduces the appeal of fraud by making it impossible to use it to harass a normal user. (A site that does NOT discard mail to "newsmap", but rather bounces it back, may incur higher communications costs than if the mail had been accepted into a user's mailbox, but a malicious forger could accomplish this anyway, by using an address whose local part is very unlikely to be a legitimate mailbox name.) NOTE: [RFC1036] did not require the Approved header for these control messages. This has been added because of the possibility that cryptographic authentication of Approved headers will become available. The body of the reply to a sendsys message SHOULD be of the form: sendsys-reply = responder 1*sys-line responder = "Responding-System:" space domain eol sys-line = relayer-name ":" newsgroup-patterns [ ":" text ] eol newsgroup-patterns = newsgroup-name *( "," newsgroup-name ) The first line identifies the responding system, using a syntax resembling a header (but note that it is part of the BODY). Remaining lines indicate what newsgroups are sent to what other systems. The syntax of newsgroup patterns is not well standardized; the form described is common (often with newsgroup names only partially given, denoting all names starting with a particular set of components) but not universal. The whogets message provides a better-defined alternative. The reply to a version message is of somewhat ill-defined form, with a body normally consisting of a single line of text that somehow describes the version of the relayer software. The whogets message provides a better-defined alternative. Spencer Historic [Page 70] RFC 1849 Son of 1036 March 2010 The body of the reply to a whogets message MUST be of the form: whogets-reply = responder-domain responder-relayer response-date responding-to arrived-via responder-version whogets-delimiter *pass-line responder-domain = "Responding-System:" space domain eol responder-relayer = "Responding-Relayer:" space relayer-name eol response-date = "Response-Date:" space date eol responding-to = "Responding-To:" space message-id eol arrived-via = "Arrived-Via:" path-list eol responder-version = "Responding-Version:" space nonblank-text eol whogets-delimiter = eol pass-line = relayer-name [ space domain ] eol The first six lines identify the responding relayer by its Internet domain name (use of the ".uucp" and ".bitnet" pseudo-domains is permissible, for registered hosts in them, but discouraged) and its relayer name; specify the date when the reply was generated and the message ID of the whogets message being replied to; give the path list (from the Path header) of the whogets message (which MAY, if absolutely necessary, be truncated to a convenient length, but MUST contain at least the leading three relayer names); and indicate the version of relayer software responding. Note that these lines are part of the BODY even though their format resembles that of headers. Despite the apparently fixed order specified by the syntax above, they can appear in any order, but there must be exactly one of each. After those preliminaries, and an empty line to unambiguously define their end, the remaining lines are the relayer names (which MAY be accompanied by the corresponding domain names, if known) of systems to which the responding system passes the target newsgroup. Only the names of news relayers are to be included. NOTE: It is desirable for a reply to identify its source by both domain name and relayer name because news propagation is governed by the latter but location in a broader context is best determined by the former. The date and whogets message ID should, in principle, be present in the MAIL headers but are included in the body for robustness in the presence of uncooperative mail systems. The reason for the path list is discussed below. Adding version information eliminates the need for a separate message to gather it. Spencer Historic [Page 71] RFC 1849 Son of 1036 March 2010 NOTE: The limitation of pass lines to contain only names of news relayers is meant to exclude names used within a single host (as identifiers for mail gateways, portions of ihave/sendme implementations, etc.), which do not actually refer to other hosts. A relayer that is unaware of the existence of the target newsgroup MUST NOT reply to a whogets message at all, although this MUST NOT influence decisions on whether to pass the article on to other relayers. NOTE: While this may result in discontinuous maps in cases where some hosts have not honored requests for creation of a newsgroup, it will also prevent a flood of useless responses in the event that a whogets message intended to map a small region "leaks" out to a larger one. The possibility of discontinuous recognition of a newsgroup does make it important that the whogets message itself continue to propagate (if other criteria permit). This is also the reason for the inclusion of the whogets message's path list, or at least the leading portion of it, in the reply: to permit reconstruction of at least small gaps in maps. Different networks set different rules for the legitimacy of these messages, given that they may reveal details of organization-internal topology that are sometimes considered proprietary. NOTE: On Usenet, in particular, willingness to respond to these messages is held to be a condition of network membership: the topology of Usenet is public information. Organizations wishing to belong to such networks while keeping their internal topology confidential might wish to organize their internal news software so that all articles reaching outsiders appear to be from a single "gatekeeper" system, with the details of internal topology hidden behind that system. UNRESOLVED ISSUE: It might be useful to have a way to set some sort of hop limit for these. Spencer Historic [Page 72] RFC 1849 Son of 1036 March 2010 7.6. checkgroups The checkgroups control message contains a supposedly authoritative list of the valid newsgroups within some subset of the newsgroup name space: checkgroups-arguments = checkgroups-body = [ invalidation ] valid-groups / invalidation invalidation = "!" plain-component *( "," plain-component ) eol valid-groups = 1*( description-line eol ) There are no arguments. The body lines (except possibly for an initial invalidation) each contain a description line for a newsgroup, as defined under the newgroup message (Section 7.3). NOTE: Some other, ill-defined, forms of the checkgroups body were formerly used. See Appendix A. The checkgroups message applies to all hierarchies containing any of the newsgroups listed in the body. The checkgroups message asserts that the newsgroups it lists are the only newsgroups in those hierarchies. If there is an invalidation, it asserts that the hierarchies it names no longer contain any newsgroups. Processing a checkgroups message MAY cause a local list of newsgroup descriptions to be updated. It SHOULD also cause the local lists of newsgroups (and their moderation statuses) in the mentioned hierarchies to be checked against the message. The results of the check MAY be used for automatic corrective action or MAY be reported to the news administrator in some way. NOTE: Automatically updating descriptions of existing newsgroups is relatively safe. In the case of newsgroup additions or deletions, simply notifying the administrator is generally the wisest action, unless perhaps the message can be determined to have originated within a cooperating subnet whose members are considered trustworthy. NOTE: There is a problem with the checkgroups concept: not all newsgroups in a hierarchy necessarily propagate to the same set of machines. (Notably, there is a set of newsgroups known as the "inet" newsgroups, which have relatively limited distribution but coexist in several hierarchies with more widely distributed newsgroups.) The advice of checkgroups should always be taken with a grain of salt and should never be followed blindly. Spencer Historic [Page 73] RFC 1849 Son of 1036 March 2010 8. Transmission Formats While this Draft does not specify transmission methods, except to place a few constraints on them, there are some data formats used only for transmission that are unique to news. 8.1. Batches For efficient bulk transmission and processing of news articles, it is often desirable to transmit a number of them as a single block of data, i.e., a "batch". The format of a batch is: batch = 1*( batch-header article ) batch-header = "#! rnews " article-size eol article-size = 1*digit A batch is a sequence of articles, each prefixed by a header line that includes its size. The article size is a decimal count of the octets in the article, counting each EOL as one octet regardless of how it is actually represented. NOTE: A relayer might wish to accept either a single article or a batch as input. Since "#" cannot appear in a header name, examination of the first octet of the input will reveal its nature. NOTE: In the header line, there is exactly one blank before "rnews", there is exactly one blank after "rnews", and the EOL immediately follows the article size. Beware that some software inserts non-standard trash after the size. NOTE: Despite the similarity of this format to the executable- script format used by some operating systems, it is EXTREMELY unwise to just feed incoming batches to a command interpreter in the anticipation that it will run a command named "rnews" to process the batch. Unless arrangements are made to very tightly restrict the range of commands that can be executed by this means, the security implications are disastrous. Spencer Historic [Page 74] RFC 1849 Son of 1036 March 2010 8.2. Encoded Batches When transmitting news, especially over communications links that are slow or are billed by the bit, it is often desirable to batch news and apply data compression to the batches. Transmission links sending compressed batches SHOULD use out-of-band means of communication to specify the compression algorithm being used. If there is no way to send out-of-band information along with a batch, the following encapsulation for a compressed batch MAY be used: ec-batch = "#! " compression-keyword eol compressed-batch compression-keyword = "cunbatch" A line containing a keyword indicating the type of compression is followed by the compressed batch. The only truly widespread compression keyword at present is "cunbatch", indicating compression using the widely distributed "compress" program. Other compression keywords MAY be used by mutual agreement between the hosts involved. NOTE: An encapsulated compressed batch is NOT, in general, a text file, despite having an initial text line. This combination of text and non-text data is often awkward to handle; for example, standard decompression programs cannot be used without first stripping off the initial line, and that in turn is painful to do because many text-handling tools that are superficially suited to the job do not cope well with non-text data, hence the recommendation that out-of-band communication be used instead when possible. NOTE: For UUCP transmission, where a batch is typically transmitted by invoking the remote command "rnews" with the batch as its input stream, a plausible out-of-band method for indicating a compression type would be to give a compression keyword in an option to "rnews", perhaps in the form: rnews -d decompressor where "decompressor" is the name of a decompression program (e.g., "uncompress" for a batch compressed with "compress" or "gunzip" for a batch compressed with "gzip"). How this decompression program is located and invoked by the receiving relayer is implementation-specific. NOTE: See the notes in Section 8.1 on the inadvisability of feeding batches directly to command interpreters. Spencer Historic [Page 75] RFC 1849 Son of 1036 March 2010 NOTE: There is exactly one blank between "#!" and the compression keyword, and the EOL immediately follows the keyword. 8.3. News within Mail It is often desirable to transmit news as mail, either for the convenience of a human recipient or because that is the only type of transmission available on a restrictive communication path. Given the similarity between the news format and the MAIL format, it is superficially attractive to just send the news article as a mail message. This is typically a mistake: mail-handling software often feels free to manipulate various headers in undesirable ways (in some cases, such as Sender, such manipulation is actually mandatory), and mail transmission problems, etc. MUST be reported to the administrators responsible for the mail transmission rather than to the article's author. In general, news sent as mail should be encapsulated to separate the MAIL headers and the news headers. When the intended recipient is a human, any convenient form of encapsulation may be used. Recommended practice is to use MIME encapsulation with a content type of "message/news", given that news articles have additional semantics beyond what "message/rfc822" implies. NOTE: "message/news" was registered as a standard subtype by IANA 22 June 1993. When mail is being used as a transmission path between two relayers, however, a standard method is desirable. Currently the standard method is to send the mail to an address whose local part is "rnews", with whatever MAIL headers are necessary for successful transmission. The news article (including its headers) is sent as the body of the mail message, with an "N" prepended to each line. NOTE: The "N" reduces the probability of an innocent line in a news article being taken as a magic command to mail software and makes it easy for receiving software to strip off any lines added by mail software (e.g., the trailing empty line added by some UUCP mail software). This method has its weaknesses. In particular, it assumes that the mail transmission channel can transmit nearly arbitrary body text undamaged. When mail is being used as a transmission path of last resort, however, the mail system often has inconvenient preconceived notions about the format of message bodies. Various ad hoc encoding schemes have been used to avoid such problems. The recommended method is to send a news article or batch as the body of a MIME mail Spencer Historic [Page 76] RFC 1849 Son of 1036 March 2010 message, using content type "application/news-transmission" and MIME's "base64" encoding (which is specifically designed to survive all known major mail systems). NOTE: In the process, MIME conventions could be used to fragment and reassemble an article that is too large to be sent as a single mail message over a transmission path that restricts message length. In addition, the "conversions" parameter to the content type could be used to indicate what (if any) compression method has been used. Also, the Content-MD5 header [RFC1544] can be used as a "checksum" to provide high confidence of detecting accidental damage to the contents. UNRESOLVED ISSUE: The "conversions" parameter no longer exists. What should be done about this, if anything? NOTE: It might look tempting to use a content type such as "message/X-netnews", but MIME bans non-trivial encodings of the entire body of messages with content type "message". The intent is to avoid obscuring nested structure underneath encodings. For inter-relayer news transmission, there is no nested structure of interest, and it is important that the entire article (including its headers, not just its body) be protected against the vagaries of intervening mail software. This situation appears to fit the MIME description of circumstances in which "application" is the proper content type. NOTE: "application/news-transmission", with a "conversions" parameter, was registered as a standard subtype by IANA 22 June 1993. UNRESOLVED ISSUE: The "conversions" parameter no longer exists in MIME. What should we do about this? 8.4. Partial Batches UNRESOLVED ISSUE: The existing batch conventions assemble (potentially) many articles into one batch. Handling very large articles would be substantially less troublesome if there was also a fragmentation convention for splitting a large article into several batches. Is this worth defining at this time? 9. Propagation and Processing Most aspects of news propagation and processing are implementation- specific. The basic propagation algorithms, and certain details of how they are implemented, nevertheless need to be standard. Spencer Historic [Page 77] RFC 1849 Son of 1036 March 2010 There are two important principles that news implementors (and administrators) need to keep in mind. The first is the well-known Internet Robustness Principle: Be liberal in what you accept, and conservative in what you send. However, in the case of news there is an even more important principle, derived from a much older code of practice, the Hippocratic Oath (we will thus call this the Hippocratic Principle): First, do no harm. It is VITAL to realize that decisions that might be merely suboptimal in a smaller context can become devastating mistakes when amplified by the actions of thousands of hosts within a few hours. 9.1. Relayer General Issues Relayers MUST NOT alter the content of articles unnecessarily. Well- intentioned attempts to "improve" headers, in particular, typically do more harm than good. It is necessary for a relayer to prepend its own name to the Path content (see Section 5.6) and permissible for it to rewrite or delete the Xref header (see Section 6.12). Relayers MAY delete the thoroughly obsolete headers described in Appendix A.3, although this behavior no longer seems useful enough to encourage. Other alterations SHOULD be avoided at all costs, as per the Hippocratic Principle. NOTE: As discussed in Section 2.3, tidying up the headers of a user-prepared article is the job of the posting agent, not the relayer. The relayer's purpose is to move already-compliant articles around efficiently without damaging them. Note that in existing implementations, specific programs may contain both posting-agent functions and relayer functions. The distinction is that posting-agent functions are invoked only on articles posted by local posters, never on articles received from other relayers. NOTE: A particular corollary of this rule is that relayers should not add headers unless truly necessary. In particular, this is not SMTP; do not add Received headers. Relayers MUST NOT pass non-conforming articles on to other relayers, except perhaps in a cooperating subnet that has agreed to permit certain kinds of non-conforming behavior. This is a direct consequence of the Internet Robustness Principle. Spencer Historic [Page 78] RFC 1849 Son of 1036 March 2010 The two preceding paragraphs may appear to be in conflict. What is to be done when a non-conforming article is received? The Robustness Principle argues that it should be accepted but must not be passed on to other relayers while still non-conforming, and the Hippocratic Principle strongly discourages attempts at repair. The conclusion that this appears to lead to is correct: a non-conforming article MAY be accepted for local filing and processing, or it MAY be discarded entirely, but it MUST NOT be passed on to other relayers. A relayer MUST NOT respond to the arrival of an article by sending mail to any destination, other than a local administrator, except by explicit prearrangement with the recipient. Neither posting an article (other than certain types of control messages; see Section 7.5) nor being the moderator of a moderated newsgroup constitutes such prearrangement. UNDER NO CIRCUMSTANCES WHATSOEVER may a relayer attempt to send mail to either an article's originator or a moderator. NOTE: Reporting apparent errors in message composition is the job of a posting agent, not a relayer. The same is true of mailing moderated-newsgroup postings to moderators. In networks of thousands of cooperating relayers, it is simply unacceptable for there to be any circumstance whatsoever that causes any significant fraction of them to simultaneously send mail to the same destination. (Some control messages are exceptions, although perhaps ill-advised ones.) What might, in a smaller network, be a useful notification or forwarding becomes a deluge of nearly identical messages that can bring mail software to its knees and severely inconvenience recipients. Moderators, in particular, historically have suffered grievously from this. Notification of problems in incoming articles MAY go to local administrators, or at most (by prearrangement!) to the administrators of the neighboring relayer(s) that passed on the problematic articles. NOTE: It would be desirable to notify the author that his posting is not propagating as he expects. However, there is no known method for doing this that will scale up gracefully. (In particular, "notify only if within N relayers of the originator" falls down in the presence of commercial news services like UUNET: there may be hundreds or thousands of relayers within a couple of hops of the originator.) The best that can be done right now is to notify neighbors, in hopes that the word will eventually propagate up the line, or organize regional monitoring at major hubs. Spencer Historic [Page 79] RFC 1849 Son of 1036 March 2010 If it is necessary to alter an article, e.g., translate it to another character set or alter its EOL representation, strenuous efforts should be made to ensure that such transformations are reversible, and that relayers or other software that might wish to reverse them know exactly how to do so. NOTE: For example, a cooperating subnet that exchanges articles using a non-ASCII character set like EBCDIC should define a standard, reversible ASCII-EBCDIC mapping and take pains to see that it is used at all points where the subnet meets the outside. If the only reason for using EBCDIC is that the readers typically employ EBCDIC devices, it would be more robust to employ ASCII as the interchange format and do the transformation in the reading and posting agents. 9.2. Article Acceptance and Propagation When a relayer first receives an article, it must decide whether to accept it. (This applies regardless of whether the article arrived by itself or as part of a batch, and in principle regardless of whether it originated as a local posting or as traffic from another relayer.) In a cooperating subnet with well-controlled propagation paths, some of the tests specified here MAY be delegated to centrally located relayers; that is, relayers that can receive news ONLY via one of the central relayers might simplify acceptance testing based on the assumption that incoming traffic has already passed the full set of tests at a central relayer. The wording that follows is based on a model in which articles arrive on a relayer's host before acceptance tests are done. However, depending on the degree of integration of the transport mechanisms and the relayer, some or all of these tests MAY be done before the article is actually transmitted, so that articles that definitely will not be accepted need not be transmitted at all. The wording that follows also specifies a particular order for the acceptance tests. While this order is the obvious one, the tests MAY be done in any order. First, the relayer MUST verify that the article is a legal news article, with all mandatory headers present with legal contents. NOTE: This check in principle is done by the first relayer to see an article, so an article received from another relayer should always be legal, but there is enough old software still operational that this cannot be taken for granted; see the discussion of the Internet Robustness Principle in Section 9.1. Spencer Historic [Page 80] RFC 1849 Son of 1036 March 2010 Second, the relayer MUST determine whether it has already seen this article (identified by its message ID). This is normally done by retaining a history of all article message IDs seen in the last N days, where the value of N is decided by the relayer's administrator but SHOULD be at least 7. Since N cannot practically be infinite, articles whose Date content indicates that they are older than N days are declared "stale" and are deemed to have been seen already. NOTE: This check is important because news propagation topology is typically redundant, often highly so, and it is not at all uncommon for a relayer to receive the same article from several neighbors. The history of already-seen message IDs can get quite large, hence, the desire to limit its length, but it is important that it be long enough that slowly propagating articles are not classed as stale. News propagation within the Internet is normally very rapid, but when UUCP links are involved, end-to-end delays of several days are not rare, so a week is not a particularly generous minimum. NOTE: Despite generally more rapid propagation in recent times, it is still not unheard of for some propagation paths to be very slow. This can introduce the possibility of old articles arriving again after they are gone from the history, hence the "stale" rule. Third, the relayer MUST determine whether any of the article's newsgroups are "subscribed to" by the host, i.e., fit a description of what hierarchies or newsgroups the site wants to receive. NOTE: This check is significant because information on what newsgroups a relayer wishes to receive is often stored at its neighbors, who may not have up-to-date information or may simplify the rules for implementation reasons. As a hedge against the possibility of missed or delayed newgroup control messages, relayers may wish to observe a notion of a newsgroup subscription that is independent of the list of newsgroups actually known to the relayer. This would permit reception and relaying of articles in newsgroups that the relayer is not (yet) aware of, subject to more general criteria indicating that they are likely to be of interest. Once an article has been accepted, it may be passed on to other relayers. The fundamental news propagation rule is a flooding algorithm: on receiving and accepting an article, send it to all neighboring relayers not already in its path list that are sent its newsgroup(s) and distribution(s). Spencer Historic [Page 81] RFC 1849 Son of 1036 March 2010 NOTE: The path list's role in loop prevention may appear relatively unimportant, given that looping articles would typically be rejected as duplicates anyway. However, the path list's role in preventing superfluous transmissions is not trivial. In particular, the path list is the only thing that prevents relayer X, on receiving an article from relayer Y, from sending it back to Y again. (Indeed, the usual symptom of confusion about relayer names is that incoming news loops back in this manner.) The looping articles would be rejected as duplicates, but doubling the communications load on every news transmission path is not to be taken lightly! In general, relayers SHOULD NOT make propagation decisions by "anticipation": relayer X, noting that the article's path list already contains relayer Y, decides not to send it to relayer Z because X anticipates that Z will get the article by a better path. If that is generally true, then why is there a news feed from X to Z at all? In fact, the "better path" may be running slowly or may be down. News propagation is very robust precisely because some redundant transmission is done "just in case". If it is imperative to limit unnecessary traffic on a path, use of NNTP [RFC977] or ihave/sendme (see Section 7.2) to pass articles only when necessary is better than arbitrary decisions not to pass articles at all. Anticipation is occasionally justified in special cases. Such cases should involve both (1) a cooperating subnet whose propagation paths are well-understood and well-monitored, with failures and slowdowns noticed and dealt with promptly, and (2) a persistent pattern of heavy unnecessary traffic on a path that is either slow or costly. In addition, there should be some reason why neither NNTP nor ihave/sendme is suitable as a solution to the problem. 9.3. Administrator Contact It is desirable to have a standardized contact address for a relayer's administrators, in the spirit of the "postmaster" address for mail administrators. Mail addressed to "newsmaster" on a relayer's host MUST go to the administrator(s) of that relayer. Mail addressed to "usenet" on the relayer's host SHOULD be handled likewise. Mail addressed to either address on other hosts using the same news database SHOULD be handled likewise. NOTE: These addresses are case-sensitive, although it would be desirable for sequences equivalent to them using case-insensitive comparison to be handled likewise. While "newsmaster" seems the preferred network-independent address, by analogy to "postmaster", there is an existing practice of using "usenet" for this purpose, Spencer Historic [Page 82] RFC 1849 Son of 1036 March 2010 and so "usenet" should be supported if at all possible (especially on hosts belonging to Usenet!). The address "news" is also sometimes used for purposes like this, but less consistently. 10. Gatewaying Gatewaying of traffic between news networks using this Draft and those using other exchange mechanisms can be useful but must be done cautiously. Gateway administrators are taking on significant responsibilities and must recognize that the consequences of error can be quite serious. 10.1. General Gatewaying Issues This section will primarily address the problems of gatewaying traffic INTO news networks. Little can be said about the other direction without some specific knowledge of the network(s) involved. However, the two issues are not entirely independent: if a non-news network is gatewayed into a news network at more than one point, traffic injected into the non-news network by one gateway may appear at another as a candidate for injection back into the news network. This raises a more general principle, the single most important issue for gatewaying: Above all, prevent loops. The normal loop prevention of news transmission is vitally dependent on the Message-ID header. Any gateway that finds it necessary to remove this header, alter it, or supersede it (by moving it into the body) MUST take equally effective precautions against looping. NOTE: There are few things more effective at turning news readers into a lynch mob than a malfunctioning gateway, or pair of gateways, that takes in news articles, mangles them just enough to prevent news relayers from recognizing them as duplicates, and regurgitates them back into the news stream. This happens rather too often. Gateway implementors should realize that gateways have all of the responsibilities of relayers, plus the added complications introduced by transformations between different information formats. Much of the discussion in Section 9 about relayer issues is relevant to gateways as well. In particular, gateways SHOULD keep a history of recently seen articles, as described in Section 9.2, and not assume that articles will never reappear. This is particularly important for networks that have their own concept analogous to message IDs: a gateway should keep a history of traffic seen from BOTH directions. Spencer Historic [Page 83] RFC 1849 Son of 1036 March 2010 If at all possible, articles entering the non-news network SHOULD be marked in some way so that they will NOT be re-gatewayed back into news. Multiple gateways obviously must agree on the marking method used; if it is done by having them know each others' names, name changes MUST be coordinated with great care. If marking cannot be done, all transformations MUST be reversible so that a re-gatewayed article is identical to the original (except perhaps for a longer Path header). Gateways MUST NOT pass control messages (articles containing Control, Also-Control, or Supersedes headers) without removing the headers that make them control messages, unless there are compelling reasons to believe that they are relevant to both sides and that conventions are compatible. If it is truly desirable to pass them unaltered, suitable precautions MUST be taken to ensure that there is NO POSSIBILITY of a looping control message. NOTE: The damage done by looping articles is multiplied a thousandfold if one of the affected articles is something like a sendsys message (see Section 7.5) that requests multiple automatic replies. Most gateways simply should not pass control messages at all. If some unusual reason dictates doing so, gateway implementors and administrators are urged to consider bulletproof rate-limiting measures for the more destructive ones like sendsys, e.g., passing only one per hour no matter how many are offered. Gateways, like relayers, SHOULD make determined efforts to avoid mangling articles unnecessarily. In the case of gateways, some transformations may be inevitable, but keeping them to a minimum and ensuring that they are reversible is still highly desirable. Gateways MUST avoid destroying information. In particular, the restrictions of Section 4.2.2 are best taken with a grain of salt in the context of gateways. Information that does not translate directly into news headers SHOULD be retained, perhaps in "X-" headers, both because it may be of interest to sophisticated readers and because it may be crucial to tracing propagation problems. Gateway implementors should take particular note of the discussion of mailed replies, or more precisely the ban on same, in Section 9.1. Gateway problems MUST be reported to the local administration, not to the innocent originator of traffic. "Gateway problems" here includes all forms of propagation anomaly on the non-news side of the gateway, e.g., unreachable addresses on a mailing list. Note that this requires consideration of possible misbehavior of "downstream" hosts, not just the gateway host. Spencer Historic [Page 84] RFC 1849 Son of 1036 March 2010 10.2. Header Synthesis News articles prepared by gateways MUST be legal news articles. In particular, they MUST include all of the mandatory headers (see Section 5) and MUST fully conform to the restrictions on said headers. This often requires that a gateway function not only as a relayer but also partly as a posting agent, aiding in the synthesis of a conforming article from non-conforming input. NOTE: The full-conformance requirement needs particularly careful attention when gatewaying mailing lists to news, because a number of constructs that are legal in MAIL headers are NOT permissible in news headers. (Note also that not all mail traffic fully conforms to even the MAIL specification.) The rest of this section will be phrased in terms of mail-to-news gatewaying, but most of it is more generally applicable. The mandatory headers generally present few problems. If no date information is available, the gateway should supply a Date header with the gateway's current date. If only partial information is available (e.g., date but not time), this should be fleshed out to a full Date header by adding default values, not by mixing in parts of the gateway's current date. (Defaults should be chosen so that fleshed-out dates will not be in the future!) It may be necessary to map time zone information to the restricted forms permitted in the news Date header. See Section 5.1. NOTE: The prohibition of mixing dates is on the theory that it is better to admit ignorance than to lie. If the author's address as supplied in the original message is not suitable for inclusion in a From header, the gateway MUST transform it so it is (for example, by use of the "% hack" and the domain address of the gateway). The desire to preserve information is NOT an excuse for violating the rules. If the transformation is drastic enough that there is reason to suspect loss of information, it may be desirable to include the original form in an "X-" header, but the From header's contents MUST be as specified in Section 5.2. If the message contains a Message-ID header, the contents should be dealt with as discussed in Section 10.3. If there is no message ID present, it will be necessary to synthesize one, following the news rules (see Section 5.3). Every effort should be made to produce a meaningful Subject header; see Section 5.4. Many news readers select articles to read based on Subject headers, and inserting a placeholder like "<no subject Spencer Historic [Page 85] RFC 1849 Son of 1036 March 2010 available>" is considered highly objectionable. Even synthesizing a Subject header by picking out the first half-dozen nouns and adjectives in the article body is better than using a placeholder, since it offers SOME indication of what the article might contain. The contents of the Newsgroups header (Section 5.5) are usually predetermined by gateway configuration, but a gateway to a network that has its own concept of newsgroups or discussions might have to make transformations. Such transformations should be reversible; otherwise, confusion is likely on both sides. It will rarely be possible for gateways to provide a Path header that is both an accurate history of the relayers the article has passed through AS NEWS and a usable reply address. The history function MUST be given priority; see the discussion in Section 5.6. It will usually be necessary for a gateway to supply an empty path list, abandoning the reply function. It is desirable for gatewayed articles to convey as much useful information as possible, e.g., by use of optional news headers (see Section 6) when the relevant information is available. Synthesis of optional headers can generally follow similar rules. Software synthesizing References headers should note the discussion in Section 6.5 concerning the incompatibility between MAIL and news. Also of interest is the possibility of incorporating information from In-Reply-To headers and from attribution lines in the body; an incomplete or somewhat conjectural References header is much better than none at all, and reading agents already have to cope with incomplete or slightly erroneous References lists. 10.3. Message ID Mapping This section, like the previous one, is phrased in terms of mail being gatewayed into news, but most of the discussion should be more generally applicable. A particularly sticky problem of gatewaying mail into news is supplying legal news message IDs. Note, in particular, that not all MAIL message IDs are legal in news; the news syntax (specified in Section 5.3, with related material in Section 5.2) is more restrictive. Generating a fully conforming news article from a mail message may require transforming the message ID somewhat. Generation and transformation of message IDs assumes particular importance if a given mailing list (or whatever) is being handled by more than one gateway. It is highly desirable that the same article contents not appear twice in the same newsgroup, which requires that Spencer Historic [Page 86] RFC 1849 Son of 1036 March 2010 they receive the same message ID from all gateways. Gateways SHOULD use the following algorithm (possibly modified by the later discussion of gatewaying into more than one newsgroup) unless local considerations dictate another: 1. Separate message ID from surroundings, if necessary. A plausible method for this is to start at the first "<", end at the next ">", and reject the message if no ">" is found or a second "<" is seen before the ">". Also reject the message if the message ID contains no "@" or more than one "@", or if it contains no ".". Also reject the message if the message ID contains non-ASCII characters, ASCII control characters, or white space. NOTE: Any legitimate domain will include at least one ".". [RFC822], Section 6.2.2, forbids white space in this context when passing mail on to non-MAIL software. 2. Delete the leading "<" and trailing ">". Separate message ID into local part and domain at the "@". 3. In both components, transliterate leading dots (".", ASCII 46), trailing dots, and dots after the first in sequences of two or more consecutive dots, into underscores (ASCII 95). 4. In both components, transliterate disallowed characters other than dots (see the definition of <unquoted-char> in Section 5.2) to underscores (ASCII 95). 5. Form the message ID as "<" local-part "@" domain ">" NOTE: This algorithm is approximately that of Rich Salz's successful gatewaying package. Despite the desire to keep message IDs consistent across multiple gateways, there is also a more subtle issue that can require a different approach. If the same articles are being gatewayed into more than one newsgroup, and it is not possible to arrange that all gateways gateway them to the same cross-posted set of newsgroups, then the message IDs in the different newsgroups MUST be DIFFERENT. NOTE: Otherwise, arrival of an article in one newsgroup will prevent it from appearing in another, and which newsgroup a particular article appears in will be an accident of which direction it arrives from first. It is very difficult to maintain a coherent discussion when each participant sees a randomly Spencer Historic [Page 87] RFC 1849 Son of 1036 March 2010 selected 50% of the traffic. The fundamental problem here is that the basic assumption behind message IDs is being violated: the gateways are assigning the same message ID to articles that differ in an important respect (Newsgroups header). In such cases, it is suggested that the newsgroup name, or an agreed- on abbreviation thereof, be prepended to the local part of the message ID (with a separating ".") by the gateway. This will ensure that multiple gateways generate the same message ID, while also ensuring that different newsgroups can be read independently. NOTE: It is preferable to have the gateway(s) cross-post the article, avoiding the issue altogether, but this may not be feasible, especially if one newsgroup is widespread and the other is purely local. 10.4. Mail to and from News Gatewaying mail to news, and vice versa, is the most obvious form of news gatewaying. It is common to set up gateways between news and mail rather too casually. It is hard to go very wrong in gatewaying news into a mailing list, except for the non-trivial matter of making sure that error reports go to the local administration rather than to the authors of news articles. (This requires attention to the "envelope address" as well as to the message headers.) Doing the reverse connection correctly is much harder than it looks. NOTE: In particular, just feeding the mail message to "inews -h" or the equivalent is NOT, repeat NOT, adequate to gateway mail to news. Significant gatewaying software is necessary to do it right. Not all headers of mail messages conform to even the MAIL specifications, never mind the stricter rules for news. It is useful to distinguish between two different forms of mail-to-news gatewaying: gatewaying a mailing list into a newsgroup, and operating a "post-by-mail" service in which individual articles can be posted to a newsgroup by mailing them to a specific address. In the first case, the message is already being "broadcast", and the situation can be viewed as gatewaying one form of news into another. The second case is closer to that of a moderator posting submissions to a moderated newsgroup. In either case, the discussions in the preceding two sections are relevant, as is the Hippocratic Principle of Section 9. However, some additional considerations are specific to mail-to-news gatewaying. Spencer Historic [Page 88] RFC 1849 Son of 1036 March 2010 As mentioned in Section 6, point-to-point headers like To and Cc SHOULD NOT appear as such in news, although it is suggested that they be transformed to "X-" headers, e.g., X-To and X-Cc, to preserve their information content for possible use by readers or troubleshooters. The Received header is entirely specific to MAIL and SHOULD be deleted completely during gatewaying, except perhaps for the Received header supplied by the gateway host itself. The Sender header is a tricky case, one where mailing-list and post- by-mail practice should differ. For gatewaying mailing lists, the mailing-list host should be considered a relayer, and the From and Sender headers supplied in its transmissions left strictly untouched. For post-by-mail, as for a moderator posting a mailed submission, the Sender header should reflect the poster rather than the author. If a post-by-mail gateway receives a message with its own Sender header, it might wish to preserve the content in an X-Sender header. It will generally be necessary to transform between mail's In-Reply-To/References convention and news's References/See-Also convention, to preserve correct semantics of cross references. This also requires attention when going the other way, from news to mail. See the discussion of the difference in Section 6.5. 10.5. Gateway Administration Any news system will benefit from an attentive administrator, preferably assisted by automated monitoring for anomalies. This is particularly true of gateways. Gateway software SHOULD be instrumented so that unusual occurrences, such as sudden massive surges in traffic, are reported promptly. It is desirable, in fact, to go further: gateway software SHOULD endeavor to limit damage in the event that the administrator does not respond promptly. NOTE: For example, software might limit the gatewaying rate by queueing incoming traffic and emptying the queue at a finite maximum rate (well below the maximum that the host is capable of!) that is set by the administrator and is not raised automatically. Traffic gatewayed into a news network SHOULD include a suitable header, perhaps X-Gateway-Administrator, giving an electronic address that can be used to report problems. This SHOULD be an address that goes directly to a human, and not to a "routine administrative issues" mailbox that is examined only occasionally, since the point is to be able to reach the administrator quickly in an emergency. Gateway administrators SHOULD arrange substitutes to cover gateway operation (with suitable redirection of mail) when they are on vacation, etc. Spencer Historic [Page 89] RFC 1849 Son of 1036 March 2010 11. Security and Related Issues Although the interchange format itself raises no significant security issues, the wider context does. 11.1. Leakage The most obvious form of security problem with news is "leakage" of articles that are intended to have only restricted circulation. The flooding algorithm is EXTREMELY good at finding any path by which articles can leave a subnet with supposedly restrictive boundaries. Substantial administrative effort is required to ensure that local newsgroups remain local, unless connections to the outside world are tightly restricted. A related problem is that the sendme control message can be used to ask for any article by its message ID. The usefulness of this has declined as message-ID generation algorithms have become less predictable, but it remains a potential problem for "secure" newsgroups. Hosts with such newsgroups may wish to disable the sendme control message entirely. The sendsys, version, and whogets control messages also allow "outsiders" to request information from "inside", which may reveal details of internal topology (etc.) that are considered confidential. (Note that at least limited openness about such matters may be a condition of membership in such networks, e.g., Usenet.) Organizations wishing to control these forms of leakage are strongly advised to designate a small number of "official gateway" hosts to handle all news exchange with the outside world, so that a bounded amount of administrative effort is needed to control propagation and eliminate problems. Attempts to keep news out entirely, by refusing to support an official gateway, typically result in large numbers of unofficial partial gateways appearing over time. Such a configuration is much more difficult to troubleshoot. A somewhat related problem is the possibility of proprietary material being disclosed unintentionally by a poster who does not realize how far his words will propagate, either from sheer misunderstanding or because of errors made (by human or software) in followup preparation. There is little that can be done about this except education. Spencer Historic [Page 90] RFC 1849 Son of 1036 March 2010 11.2. Attacks Although the limitations of the medium restrict what can be done to attack a host via news, some possibilities exist, most of them problems news shares with mail. If reading agents are careless about transmitting non-printable characters to output devices, malicious posters may post articles containing control sequences ("letterbombs") meant to have various destructive effects on output devices. Possible effects depend on the device, but they can include hardware damage (e.g., by repeated writing of values into configuration memories that can tolerate only a limited number of write cycles) and security violation (e.g., by reprogramming function keys potentially used by privileged readers). A more sophisticated variation on the letterbomb is inclusion of "Trojan horses" in programs. Obviously, readers must be cautious about using software found in news, but more subtly, reading agents must also exercise care. MIME messages can include material that is executable in some sense, such as PostScript documents (which are programs!), and letterbombs may be introduced into such material. Given the presence of finite resources and other software limitations, some degree of system disruption can be achieved by posting otherwise-innocent material in great volume, either in single huge articles (see Section 4.6) or in a stream of modest-sized articles. (Some would say that the steady growth of Usenet volume constitutes a subtle and unintentional attack of the latter type; certainly it can have disruptive effects if administrators are inattentive.) Systems need some ability to cope with surges, because single huge articles occur occasionally as the result of software error, innocent misunderstanding, or deliberate malice; and downtime at upstream hosts can cause droughts, followed by floods, of legitimate articles. (There is also a certain amount of normal variation; for example, Usenet traffic is noticeably lighter on weekends and during Christmas holidays, and rises noticeably at the start of the school term of North American universities.) However, a site that normally receives little traffic may be quite vulnerable to "swamping" attack if its software is insufficiently careful. In general, careless implementation may open doors that are not intrinsic to news. In particular, implementation of control messages (see Sections 6.6 and 7) and unbatchers (see Sections 8.1 and 8.2) via a command interpreter requires substantial precautions to ensure that only the intended capabilities are available. Care must also be taken that article-supplied text is not fed to programs that have escapes to command interpreters. Spencer Historic [Page 91] RFC 1849 Son of 1036 March 2010 Finally, there is considerable potential for malice in the sendsys, version, and whogets control messages. They are not harmful to the hosts receiving them as news, but they can be used to enlist those hosts (by the thousands) as unwitting allies in a mail-swamping attack on a victim who may not even receive news. The precautions discussed in Section 7.5 can reduce the potential for such attacks considerably, but the hazard cannot be eliminated as long as these control messages exist. 11.3. Anarchy The highly distributed nature of news propagation, and the lack of adequate authentication protocols (especially for use over the less- interactive transport mechanisms such as UUCP), make article forgery relatively straightforward. It may be possible to at least track a forgery to its source, once it is recognized as such, but clever forgers can make even that relatively difficult. The assumption that forgeries will be recognized as such is also not to be taken for granted; readers are notoriously prone to blindly assuming authenticity. If a forged article's initial path list includes the relayer name of the supposed poster's host, the article will never be sent to that host, and the alleged author may learn about the forgery secondhand or not at all. A particularly noxious form of forgery is the forged "cancel" control message. Notably, it is relatively straightforward to write software that will automatically send out a (forged) cancel message for any article meeting some criterion, e.g., written by a specific author. The authentication problems discussed in Section 7.1 make it difficult to solve this without crippling cancel's important functionality. A related problem is the possibility of disagreements over newsgroup creation, on networks where such things are not decided by central authorities. There have been cases of "rmgroup wars", where one poster persistently sends out newgroup messages to create a newsgroup and another, equally persistently, sends out rmgroup messages asking that it be removed. This is not particularly damaging, if relayers are configured to be cautious, but it can cause serious confusion among innocent third parties who just want to know whether or not they can use the newsgroup for communication. 11.4. Liability News shares the legal uncertainty surrounding other forms of electronic communication: what rules apply to this new medium of information exchange? News is a particularly problematic case Spencer Historic [Page 92] RFC 1849 Son of 1036 March 2010 because it is a broadcast medium rather than a point-to-point one like mail, and analogies to older forms of communication are particularly weak. Are news-carrying hosts common carriers, like the phone companies, providing communications paths without having either authority over or responsibility for content? Or are they publishers, responsible for the content regardless of whether they are aware of it or not? Or something in between? Such questions are particularly significant when the content is technically criminal, e.g., some types of sexually oriented material in some jurisdictions, in which case ignorance of its presence may not be an adequate defense. Even in milder situations such as libel or copyright violation, the responsibilities of the poster, his host, and other hosts carrying the traffic are unclear. Note, in particular, the problems arising when the article is a forgery, or when the alleged author claims it is a forgery but cannot prove this. 12. References [ISO/IEC9899] "Information technology - Programming Language C", ISO/IEC 9899:1990 {more recently 9899:1999}, 1990. [Metamail] Borenstein, N., <http://ftp.funet.fi/pub/unix/mail/metamail/ANNOUNCE>, February 1994. [RFC821] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821, August 1982. [RFC822] Crocker, D., "STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT MESSAGES", STD 11, RFC 822, August 1982. [RFC850] Horton, M., "Standard for interchange of Usenet messages", RFC 850, June 1983. [RFC977] Kantor, B. and P. Lapsley, "Network News Transfer Protocol - A Proposed Standard for the Stream-Based Transmission of News", RFC 977, February 1986. [RFC1036] Horton, M. and R. Adams, "Standard for interchange of USENET Messages", RFC 1036, December 1987. [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts - Application and Support", STD 3, RFC 1123, October 1989. Spencer Historic [Page 93] RFC 1849 Son of 1036 March 2010 [RFC1341] Borenstein, N. and N. Freed, "MIME (Multipurpose Internet Mail Extensions): Mechanisms for Specifying and Describing the Format of Internet Message Bodies", RFC 1341, June 1992. [RFC1342] Moore, K., "Representation of Non-ASCII Text in Internet Message Headers", RFC 1342, June 1992. [RFC1345] Simonsen, K., "Character Mnemonics and Character Sets", RFC 1345, June 1992. [RFC1413] St. Johns, M., "Identification Protocol", RFC 1413, February 1993. [RFC1456] Vietnamese Standardization Working Group, "Conventions for Encoding the Vietnamese Language", RFC 1456, May 1993. [RFC1544] Rose, M., "The Content-MD5 Header Field", RFC 1544, November 1993. [RFC1896] Resnick, P. and A. Walker, "The text/enriched MIME Content-type", RFC 1896, February 1996. [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, November 1996. [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, November 1996. [RFC2049] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples", RFC 2049, November 1996. [RFC2822] Resnick, P., Ed., "Internet Message Format", RFC 2822, April 2001. [RFC3977] Feather, C., "Network News Transfer Protocol (NNTP)", RFC 3977, October 2006. Spencer Historic [Page 94] RFC 1849 Son of 1036 March 2010 [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, October 2008. [RFC5536] Murchison, K., Ed., Lindsey, C., and D. Kohn, "Netnews Article Format", RFC 5536, November 2009. [RFC5537] Allbery, R., Ed., and C. Lindsey, "Netnews Architecture and Protocols", RFC 5537, November 2009. [Sanderson] David Sanderson, Smileys, O'Reilly & Associates Ltd., 1993. [UUCP] Tim O'Reilly and Grace Todino, Managing UUCP and Usenet, O'Reilly & Associates Ltd., January 1992. [X3.4] "American National Standard for Information Systems - Coded Character Sets - 7-Bit American National Standard Code for Information Interchange (7-Bit ASCII)", ANSI X3.4, March 1986. Spencer Historic [Page 95] RFC 1849 Son of 1036 March 2010 Appendix A. Archaeological Notes A.1. "A News" Article Format The obsolete "A News" article format consisted of exactly five lines of header information, followed by the body. For example: Aeagle.642 news.misc cbosgd!mhuxj!mhuxt!eagle!jerry Fri Nov 19 16:14:55 1982 Usenet Etiquette - Please Read body body body The first line consisted of an "A" followed by an article ID (analogous to a message ID and used for similar purposes). The second line was the list of newsgroups. The third line was the path. The fourth was the date, in the format above (all fields fixed width), resembling an Internet date but not quite the same. The fifth was the subject. This format is documented for archaeological purposes only. Do not generate articles in this format. A.2. Early "B News" Article Format This obsolete pseudo-Internet article format, used briefly during the transition between the A News format and the modern format, followed the general outline of a MAIL message but with some non-standard headers. For example: From: cbosgd!mhuxj!mhuxt!eagle!jerry (Jerry Schwarz) Newsgroups: news.misc Title: Usenet Etiquette -- Please Read Article-I.D.: eagle.642 Posted: Fri Nov 19 16:14:55 1982 Received: Fri Nov 19 16:59:30 1982 Expires: Mon Jan 1 00:00:00 1990 body body body The From header contained the information now found in the Path header, plus possibly the full name now typically found in the From header. The Title header contained what is now the Subject content. Spencer Historic [Page 96] RFC 1849 Son of 1036 March 2010 The Posted header contained what is now the Date content. The Article-I.D. header contained an article ID, analogous to a message ID and used for similar purposes. The Newsgroups and Expires headers were approximately as they are now. The Received header contained the date when the latest relayer to process the article first saw it. All dates were in the above format, with all fields fixed width, resembling an Internet date but not quite the same. This format is documented for archaeological purposes only. Do not generate articles in this format. A.3. Obsolete Headers Early versions of news software following the modern format sometimes generated headers like the following: Relay-Version: version B 2.10 2/13/83; site cbosgd.UUCP Posting-Version: version B 2.10 2/13/83; site eagle.UUCP Date-Received: Friday, 19-Nov-82 16:59:30 EST Relay-Version contained version information about the relayer that last processed the article. Posting-Version contained version information about the posting agent that posted the article. Date- Received contained the date when the last relayer to process the article first saw it (in a slightly nonstandard format). These headers are documented for archaeological purposes only. Do not generate articles using them. A.4. Obsolete Control Messages There once was a senduuname control message, resembling sendsys but requesting transmission of the list of hosts to which the receiving host had UUCP connections. This rapidly ceased to be of much use, and many organizations consider information about their internal connectivity to be confidential. Historically, a checkgroups body consisting of one or two lines, the first of the form "-n newsgroup", caused checkgroups to apply to only that single newsgroup. This form is documented for archaeological purposes only; do not use it. Historically, an article posted to a newsgroup whose name had exactly three components of which the third was "ctl" signified that article was to be taken as a control message. The Subject header specified the actions in the same way the Control header does now. This form is documented for archaeological purposes only; do not use it; do not implement it. Spencer Historic [Page 97] RFC 1849 Son of 1036 March 2010 Appendix B. A Quick Tour of MIME (The editor wishes to thank Luc Rooijakkers; most of this appendix is a lightly edited version of a summary he kindly supplied.) MIME (Multipurpose Internet Mail Extensions) is an upward-compatible set of extensions to [RFC822], currently documented in [RFC2045], [RFC2046], and [RFC2047]. This appendix summarizes these documents. See the MIME RFCs for more information; they are very readable. UNRESOLVED ISSUE: These RFC numbers (here and elsewhere in this Draft) need updating when the new MIME RFCs come out {now resolved!}. MIME defines the following new headers: MIME-Version Content-Type Content-Transfer-Encoding Content-ID Content-Description The MIME-Version header is mandatory for all messages conforming to the MIME specification and carries the version number of the MIME specification. Example: MIME-Version: 1.0 The Content-Type header indicates the content type of the message. Content types are split into a top-level type and a subtype, separated by a slash. Auxiliary information can also be supplied, using an attribute-value notation. Example: Content-Type: text/plain; charset=us-ascii (In the absence of a Content-Type header this is in fact the default content type.) Important type/subtype combinations are: text/plain Plain text, possibly in a non-ASCII character set. text/enriched A very simple wordprocessor-like language supporting character attributes (e.g., underlining), justification control, and multiple character sets. (This proposal has Spencer Historic [Page 98] RFC 1849 Son of 1036 March 2010 gone through several iterations and has recently split off from the main MIME RFCs into a separate document [RFC1896].) message/rfc822 A mail message conforming to a slightly relaxed version of [RFC822]. message/partial Part of a message (supporting the transparent splitting and joining of messages when they are too large to be handled by some transport agent). message/external-body A message whose body is external. Possible access methods include via mail, FTP, local file, etc. multipart/mixed A message whose body consists of multiple parts, possibly of different types, intended to be viewed in serial order. Each part looks like an [RFC822] message, consisting of headers and a body. Most of the [RFC822] headers have no defined semantics for body parts. multipart/parallel Likewise, except that the parts are intended to be viewed in parallel (on user agents that support it). multipart/alternative Likewise, except that the parts are intended to be semantically equivalent such that the part that best matches the capabilities of the environment should be displayed. For example, a message may include plain-text, enriched-text, and postscript versions of some document. multipart/digest A variant of multipart/mixed especially intended for message digests (the default type of the parts is message/rfc822 instead of text/plain, saving on the number of headers for the parts). application/postscript A PostScript document. (PostScript is a trademark of Adobe.) Other top-level types exist for still images, audio, and video samples. Spencer Historic [Page 99] RFC 1849 Son of 1036 March 2010 Some of the above types require the ability to transport binary data. Since the existing message systems usually do not support this, MIME provides a Content-Transfer-Encoding header to indicate the kind of encoding used. The possible encodings are: 7bit No encoding; the data consists of short (less than 1000 characters) lines of 7-bit ASCII data, delimited by EOL sequences. This is the default encoding. 8bit Like 7bit, except that bytes with the high-order bit set may be present. Many transmission paths are incapable of carrying messages that use this encoding. binary No encoding; any sequence of bytes may be present. Many transmission paths are incapable of carrying messages that use this encoding. base64 The data is encoded by representing every group of 3 bytes as 4 characters from the alphabet "A-Za-z0-9+/", which was chosen for its high robustness through mail gateways (the alphabet used by uuencode does not survive ASCII-EBCDIC-ASCII translations). In the final group of 4 characters, "=" is used for those characters not representing data bytes. Line length is limited, and EOLs in the encoded form are ignored. quoted-printable Any byte can be represented by a three-character "=XX" sequence where the X's are uppercase hexadecimal digits. Bytes representing printable 7-bit US-ASCII characters except "=" may be represented literally. Tabs and blanks may be represented literally if not at the end of a line. Line length is limited, and an EOL preceded by "=" was inserted for this purpose and is not present in the original. The base64 and quoted-printable encodings are applied to data in Internet canonical form, which means that any EOL encoded as anything but EOL must be an Internet canonical EOL: CR followed by LF. The Content-Description header allows further description of a body part, analogous to the use of Subject for messages. Spencer Historic [Page 100] RFC 1849 Son of 1036 March 2010 Finally, the Content-ID header can be used to assign an identification to body parts, analogous to the assignment of identifications to messages by Message-ID. Note that most of these headers are structured header fields, as defined in [RFC822]. Consequently, comments are allowed in their values. The following is a legal MIME header: Content-Type: (a comment) text (yeah) / plain (and now some params:) ; charset= (guess what) iso-8859-1 (we don't have iso-10646 yet, pity) NOTE: Although the MIME specification was developed for mail, there is nothing precluding its use for news as well. While it might simplify implementation to restrict the MIME headers somewhat, in the same way that other news headers (e.g., From) are restricted subsets of the [RFC822] originals, this would add yet another divergence between two formats that ought to be as compatible as possible. In the case of the MIME headers, there is no body of existing code posing compatibility concerns. A full- featured MIME reading agent needs a full [RFC822] parser anyway, to properly handle body parts of types like message/rfc822, so there is little gain from restricting MIME headers. Adopting the MIME specification unchanged seems best. However, article-level MIME headers must still comply with the overall news header syntax given in Section 4, so that news software that is NOT interested in MIME need not contain a full [RFC822] parser. "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text" [RFC2047] addresses the problem of non-ASCII characters in headers. An example of a header using the [RFC2047] mechanism is From: =?ISO-8859-1?Q?Andr=E9_?= Pirard <PIRARD@vm1.ulg.ac.be> Such encodings are allowed in selected headers, subject to the restrictions listed in [RFC2047]. The MIME effort has also produced an RFC defining a Content-MD5 header [RFC1544] containing an MD5-based "checksum" of the contents of an article or body part, giving high confidence of detecting accidental modifications to the contents. The "metamail" software package [Metamail] helps provide MIME support with minimal changes to mailers and may also be relevant to news reading agents. Spencer Historic [Page 101] RFC 1849 Son of 1036 March 2010 The PEM (Privacy Enhanced Mail) effort is pursuing analogous facilities to offer stronger guarantees against malicious modifications, unauthorized eavesdropping, and forgery. This work too may be applicable to news, once it is reconciled with MIME (by efforts now underway). Spencer Historic [Page 102] RFC 1849 Son of 1036 March 2010 Appendix C. Summary of Changes Since RFC 1036 This Draft is much longer than [RFC1036], so there is obviously much change in content. Much of this is just increased precision and rigor. Noteworthy changes and additions include: + restrictions on article bodies (Section 4.3) + all references to MIME facilities + size limits on articles + precise specification of Date-content syntax + message IDs must never be re-used, ever + "!" is the only Path delimiter + multiple moderators in the Approved header + rules on References trimming, and the _-_ mechanism + generalization of the Xref rules + multiple message IDs in Cancel and Supersedes + Also-Control + See-Also + Article-Names + Article-Updates + more precise rules for cancellation + cancellation authorization based on From, not Sender + "unmoderated" and descriptors in newgroup messages + restrictive rules on handling of sendsys and version messages + the whogets control message + precise specification of checkgroups messages + compression type preferably specified out-of-band Spencer Historic [Page 103] RFC 1849 Son of 1036 March 2010 + rules for encapsulating news in MIME mail + tighter specification of relayer functioning (Section 9.1) + the "newsmaster" contact address + rules for gatewaying (Section 10) + discussion of security issues (Section 11) Spencer Historic [Page 104] RFC 1849 Son of 1036 March 2010 Appendix D. Summary of Completely New Features Most of this Draft merely documents existing practice, preferred versions thereof, or straightforward generalizations of it, but there are a few outright inventions. These are: + the _-_ mechanism for References trimming + Also-Control + See-Also + Article-Names + Article-Updates + the whogets control message Spencer Historic [Page 105] RFC 1849 Son of 1036 March 2010 Appendix E. Summary of Differences from RFCs 822 and 1123 The following are noteworthy differences between this Draft's articles and MAIL messages: + generally less-permissive header syntax + notably, limited From syntax + MAIL header comments allowed in only a few contexts + slightly more restricted message-ID syntax + several more mandatory headers + duplicate headers forbidden + References/See-Also versus In-Reply-To/References (Section 6.5) + case sensitivity in some contexts + point-to-point headers, e.g., To and Cc, forbidden (Section 6) + several new headers Author's Address Henry Spencer SP Systems Box 280 Stn. A Toronto, Ontario M5W1B2 Canada EMail: henry@zoo.utoronto.ca Spencer Historic [Page 106]