From: Brad Templeton (brad@templetons.com)
Date: Tue Jul 14 1998 - 16:26:05 CDT
On Tue, Jul 14, 1998 at 04:44:05PM -0400, Dave Barr wrote:
> Every article is signed, adding material. Your argument doesn't hold.
No, these are two different, apples-and-oranges issues. To verify cancels,
there is no need to sign all articles. You don't sign articles to make
cancels verifiable. You sign articles for the other benefits of
signing articles.
For the purpose of verifying a cancel, you either sign the *cancel*, or
you put a cancel lock on the article and a cancel-unlock on the cancel.
>
> posted article not signed nor locked -> neither wins
No. With PK cancel, you can reliably have the cancellation of ordinary
unsigned, unlocked articles. You can post an article, realize "shit!"
and go download the cancel software or use an E-mail based cancel server
to cancel it.
> posted article signed -> signatures are bigger
This has nothing to do with cancel. The fact that the posted article is
signed does not assist in cancelling it. Indeed, I contend that if
somebody forges an article from my address (unsigned obviously as they can't
sign my address, just fake it in) then I should have the right to cancel it!
With my public key cancel I can, with a cancel lock system I can't.
Note that this can work two ways. One can insist on authenticated cancel for
all cancels. This is the eventual goal, all agree. One can have a
transition period where you allow unauthenticated cancel on some articles.
In this case you need to have a *single bit* in the article indicating that
the author will use a signed cancel if they wish to cancel it, or perhaps
a single bit indicating otherwise. In this case the issue of after-the-fact
cancel is not quite the same.
> posted article locked -> locks are smaller
No, they are 100 times larger, as they are per article, not per cancel.
I've tried to outline this many different ways, and am sad that there is
still some misapprehension.
Look only at the problem of verifying cancels, which is the only problem
cancel-locks address. Compare the size of locks on all articles and unlock
on the cancel to the size of nothing on the articles and signatures on the
cancels.
>
> There's no reason to have an article signed and locked, since the servers
> will know how to process either cancel.
Unless we don't do this spec right, and some sites get around that implement
only one or the other. Then people are forced to do both, probably for years
to come. By defining two systems we would make a serious risk of this.
>
> Now, looking at the cancel side:
> posted cancel, not signed nor locked -> neither wins (applies to few articles)
Applies to *many* articles -- all cancels issued by people with old
newsreaders, which is most people for years to come.
> posted cancel, containing unlock -> smaller than w/signature
> posted cancel, containing signature -> bigger than unlocks
But this is not relevant. This "saving" in size on the cancel was won only
by adding 30 to 50 extra bytes to the 500 articles you didn't cancel.
>
> Your system of mailing a cancel off to a cancel server which does some
> handshake is silly and bad design. It's far too slow, and works only for
> global hierarchies. Every client is going to need to be modified. Let's
> agree on that fact.
Not at all. Assuming there are going to be 3rd party cancellers out there
who are trusted over a broad range of hierarchies, it works fine. And
indeed, why not trust a 3rd party canceller whose only function is to
do email challenge response on cancels from users of old software, and which
never uses its power to do subjectively judged cancels? I would trust such
an entity. The risk is low. Better than trusting nobody, or trusting
everybody, which are the only choices available on articles from users of
old software.
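The lock/unlock mechanism the thread keeps returning to (a lock on the article, an unlock on the cancel, nothing verifiable for articles that carry neither) can be shown concretely. The following is an added example written for this page, not code from either poster; it is modelled on the Cancel-Lock / Cancel-Key header pair later standardised in RFC 8315, but the header names, the choice of SHA-256, the base64 encoding and the sample key and message IDs are all assumptions of this example, not something the 1998 thread specifies. The server-side check is the only security-relevant part: a cancel is honoured only if the revealed key hashes to the lock the original article carried, so a cancel for an article that was posted without a lock (the "neither wins" case above) is rejected, and a guessed key fails.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample secret for this example only. A real posting client
# would generate a fresh random key per article and keep it locally.
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"


def make_lock(key: bytes) -> str:
    """Value for the article's Cancel-Lock header: a hash of the secret key."""
    return "sha256:" + base64.b64encode(hashlib.sha256(key).digest()).decode()


def make_key(key: bytes) -> str:
    """Value for the cancel's Cancel-Key header: the secret key, now revealed."""
    return "sha256:" + base64.b64encode(key).decode()


def parse_headers(raw: str) -> dict:
    """Minimal header parser: lowercased field name -> list of values."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cancel_is_authentic(article_headers: dict, cancel_headers: dict) -> bool:
    """Accept the cancel only if some Cancel-Key hashes to some Cancel-Lock.

    An article with no Cancel-Lock can never satisfy this check, which is
    exactly the limitation the thread describes for unlocked articles.
    """
    locks = article_headers.get("cancel-lock", [])
    for key_value in cancel_headers.get("cancel-key", []):
        scheme, sep, b64 = key_value.partition(":")
        if not sep or scheme != "sha256":
            continue  # unknown scheme: ignore rather than guess
        try:
            key = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue  # malformed key value
        candidate = make_lock(key)
        # constant-time comparison so verification leaks nothing about the lock
        if any(hmac.compare_digest(candidate, lock) for lock in locks):
            return True
    return False


def lock_scheme_overhead(articles: int, cancels: int,
                         lock_bytes: int, sig_bytes: int) -> dict:
    """Header bytes added by per-article locks versus per-cancel signatures."""
    return {"locks": articles * lock_bytes, "signatures": cancels * sig_bytes}


# Constructed sample messages (the message IDs and addresses are invented).
ARTICLE = f"""From: author@example.invalid
Message-ID: <constructed-1@example.invalid>
Cancel-Lock: {make_lock(SAMPLE_KEY)}
"""

GOOD_CANCEL = f"""From: author@example.invalid
Control: cancel <constructed-1@example.invalid>
Cancel-Key: {make_key(SAMPLE_KEY)}
"""

FORGED_CANCEL = f"""From: author@example.invalid
Control: cancel <constructed-1@example.invalid>
Cancel-Key: {make_key(b"wrong-guess")}
"""

UNLOCKED_ARTICLE = """From: author@example.invalid
Message-ID: <constructed-2@example.invalid>
"""

if __name__ == "__main__":
    art, unlocked = parse_headers(ARTICLE), parse_headers(UNLOCKED_ARTICLE)
    print("genuine cancel:", cancel_is_authentic(art, parse_headers(GOOD_CANCEL)))
    print("forged cancel:", cancel_is_authentic(art, parse_headers(FORGED_CANCEL)))
    print("unlocked article:", cancel_is_authentic(unlocked, parse_headers(GOOD_CANCEL)))
    # Assumed sizes: ~40 bytes per lock, ~200 bytes per signature.
    print(lock_scheme_overhead(articles=500, cancels=1, lock_bytes=40, sig_bytes=200))
```

The overhead helper restates the thread's size argument with assumed figures: with a lock on every one of 500 articles the lock scheme costs roughly 500 times the per-article lock size, while signing only the single cancel costs one signature, whatever the signature size. Whether that trade is worth it depends, as the thread says, on how many articles are ever cancelled.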