From: John Stanley (stanley@PEAK.ORG)
Date: Wed Jul 01 1998 - 14:14:52 CDT
On Tue, 30 Jun 1998, Henry Spencer wrote:
> > > Who is the "authority"? How is that "approved list" managed and updated?
> >
> > I consider that this falls outside the scope of a document that is
> > intended to standardize message format...
>
> No, sorry, speaking as someone who has altogether too much involvement
> right now with encryption and authentication technology, key distribution
> is most definitely an integral part of any such system. The system is
> useless without it. A specification which calls for network-wide use of
> such technology, but invokes the Tooth Fairy to handle key distribution,
> is a useless farce.
The specification defines what the message format is. It does not call for
network wide use. As I have seen others point out, this specification will
cover non-USENET activities, and mandating that they all use the same key
distribution system is silly.
> Note, however, that this means that it is *automatically* kept current and
> *automatically* carefully authenticated. Doing it manually -- which is
> essentially how the moderator list is handled now -- won't work on this
> scale.
Are there really more spam cancellers than moderators?
> If every site, or even many sites, are to be doing authentication, then
> they must all have a current, reliable copy of that list, and this will
> not happen by wishing for it, or by sweeping the problem under the rug in
> hopes that somebody else will solve it.
So we can't have a format for authenticated cancels until we have a proven
key distribution system, and nobody will bother creating a proven key
distribution system until there is a use for it. Catch 22. I guess it
doesn't happen.