From: Brad Templeton (brad@templetons.com)
Date: Fri Jul 10 1998 - 19:14:34 CDT
On Fri, Jul 10, 1998 at 05:42:07PM -0400, Dave Barr wrote:
> >
> >In this event, you can't strip a signature, as the article is then
> >just discarded as unsigned.
>
> Okay, so the downstream site strips the signature, modifies it,
> and adds its own.
No, it can't do that. Only I can sign an article with my address in it.
Or rather, only the holder of a certificate specifying that ability, which
means me, the site-owner of my site, and the trusted higher level certificate
authorites and certificate collapse servers.
Ordinary sites in the path or elsewhere on the net can't modify my article
in any way, or remove my signature and replace it with their own, and still
have it look like it came from me.
In an authenticated group, a site that sees an article with a From: line
of "brad@templetons.com" but not signed by me (or one of the above entities
with the power to sign as me) would reject that article as a forgery.
>
> We talked before about anonymous certificates. It's supposedly easy
> to get one. I'm assuming there's no necessary relation between the From:
> and the certificate's key? (key being what it's indexed on, not key
> as in public/private key)
For USENET posting, you would need a certificate saying you can act as
a specified address, namely the address in the From line (or Approved
line if you're a moderator, or Reply-to line if you are directing replies
to another address.)
This "address" however is just what goes in the from line. It can be real,
or it can be a made up address created for you by an anonymous remailer or
anonymous certificate authority.
However, anonymous certificate authorities would only have the ability to
grant certificates for addresses that end in ".invalid" or some other subspace
that marks them as anonymous. They would not have the power to grant
a certificate for my E-mail address or any other email address not under
their control.
>
> Anyway this subthread is not very important. Modification by downstream
> sites has never been a big issue, except in the slow zone days when
> we had lots of gatewaying in and out of odd systems.
True. The main reason to sign articles is so nobody else can post as you.
Or so that spammers can be filtered out.
It is worth noting that it means that people who provide anonymous access
are likely to have to do something about spammers who use their gateways,
or see their gateways blocked out. But it will be possible to do that --
to allow anonymous gateways which, for example, limit the volume of
postings to stop spam, and to filter out anon gateways that don't take
steps to disclipline spam or other abuse. And for groups and subnets
and hierarchies to choose to allow anonymous posting, or limited
anon posting, or none at all.