From: Brad Templeton (brad@templetons.com)
Date: Mon Jul 13 1998 - 14:29:37 CDT
On Mon, Jul 13, 1998 at 11:39:48AM +0000, Charles Lindsey wrote:
> In <19980710142933.07012@main.templetons.com> Brad Templeton <brad@templetons.com> writes:
>
> >We want to stop spam, forgeries, forged cancels and allow control messages
> >to be meaningful.
>
> >Currently, unless somebody invents something new, there is only one
> >solution to this problem -- public key digital signature, with
> >certificate based key management.
>
> YES to the first, NO to the second. The number of spam cancellers,
> licensed newgroups and the like will be small enough that a PKI will not
> be needed. Sites decide in advance who they intend to trust, and obtain
> public keys accordingly.
I believe that this is the error which has caused USENET to stagnate in
so many ways.

Certificate based key management allows the delegation of administration,
to as many (or as few) levels as one wishes.

For example, at first usenet tools were designed with a "moderators" file
where people put in the address of every moderator. It quickly became
impossible to change the address of a moderator, without leaving aliases
behind at the old address.

Later, people moved to just forwarding everything to the default at
moderators.uu.net. Doing it the other way is not just too much work for
the admin, it's not a flexible enough system.

Imagine, once everybody has programmed say, Dave Lawrence in as the person
who can do a newgroup, having to change him. People would reconfigure
slowly, slowly -- it would take years, I suspect. Not because they
don't want to change, let's presume, but just because they don't have time,
or aren't aware.

Admins in those positions would be happy to delegate to somebody else
the ability to make these changes. That's what certificates do. They
allow arbitrary delegation. Not that every site in the world need delegate
to the same person. But say that sites form groups and delegate to 20
different people. Then you just have to get 20 people together to issue
the commands to change things and it's done. Not 300,000.

Anything that, to change, requires that 300,000 admins get together and
make the change, won't ever change. Which is OK if you don't want it to
ever change, or want it to be very, very hard for it to change but I don't see
that as a design goal.

We're talking about authenticating:

    Who can newgroup, different people for different hierarchies
    Who can approve -- for every moderated group
    Who can rmgroup, checkgroups, etc.
    Who can 3rd party cancel
    Who can post a named article with an faq, topics lists, policy
        sheet, etc.
    Who can cancel on behalf of a site

You simply can't do this by having each admin maintain their own private
lists of these vast numbers of keys. Certificates are a good invention,
we would be crazy not to use them.
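
The delegation argument in the message above, as an added example that is not part of the original post: a site configures one trusted key, and that key's holder certifies who may newgroup in a hierarchy, so the authority can pass to a new person without any site editing its configuration. The toy RSA built from fixed Mersenne primes is insecure and is used only so the sketch needs nothing beyond the standard library; all function names, the certificate fields and the group `comp.lang.example` are assumptions, and expiry or revocation of older certificates is not modelled.

```python
import hashlib, json

M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))  # Mersenne primes

def make_key(p, q, e=65537):
    """Toy textbook RSA keypair from fixed primes (constructed, NOT secure)."""
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def _digest(obj, n):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, obj):
    return pow(_digest(obj, priv["n"]), priv["d"], priv["n"])

def verify(pub, obj, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(obj, pub["n"])

def issue(issuer_priv, subject_pub, action, hierarchy):
    """Certificate: issuer delegates `action` within `hierarchy` to subject's key."""
    cert = {"key": subject_pub, "action": action, "hierarchy": hierarchy}
    return cert, sign(issuer_priv, cert)

def accept(trusted_root, chain, msg, msg_sig):
    """Site-side check: walk the chain down from the one configured root key."""
    key = trusted_root
    for cert, sig in chain:
        in_scope = (cert["action"] == msg["action"]
                    and msg["group"].startswith(cert["hierarchy"] + "."))
        if not (in_scope and verify(key, cert, sig)):
            return False
        key = cert["key"]  # next link (or the message) must be signed by this key
    return verify(key, msg, msg_sig)

# Constructed scenario: the site stores only root_pub. The comp.* newgroup
# authority passes from one person to another by issuing a new certificate.
root_pub, root_priv = make_key(M61, M89)
old_pub, old_priv = make_key(M107, M127)
new_pub, new_priv = make_key(M61, M127)
msg = {"action": "newgroup", "group": "comp.lang.example"}
old_chain = [issue(root_priv, old_pub, "newgroup", "comp")]
new_chain = [issue(root_priv, new_pub, "newgroup", "comp")]

# The new delegate is accepted with no change to the site's configuration.
print(accept(root_pub, new_chain, msg, sign(new_priv, msg)))
```
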