From: Brad Templeton (brad@templetons.com)
Date: Sun Jul 26 1998 - 15:41:43 CDT
On Sun, Jul 26, 1998 at 01:14:50PM -0700, John Stanley wrote:
>
> On Sun, 26 Jul 1998, Brad Templeton wrote:
> That is simply not true. Posting without a cancel lock would be trivial.
> It uses exactly the same software as the user has now. Yes, to CANCEL, one
> needs to insert a cancel lock, but you explicitely said "not to cancel,
> but to post".
Yes, that's what I said. I'm sorry you did not understand it. To make
things clear, I will explain that the idea of cancelling involves having
posts to cancel. With cancel lock authentication it is necessary to
get new *posting* software in order to issue an authenticated post, as
opposed to just needing new cancelling software.
> Brad, I really wish I knew why you make such statements. You have to know
> that it will be at least as hard to get new software in place for your
> system #2 as it would be for your system #1, yet you claim day 1
> availability for one but years for the other. System #2 includes a massive
> paradigm change, to boot.
Correct, but not for everybody. I, as a *reader* of USENET, do not want
to see rogue cancels of posts I read. Even if the posts are posted by
users of old software, because for years to come the posts I read will
be posted by users of old software.
It is not sufficient for me to turn off cancel on my system. Aside from
the fact that this breaks the whole idea of the cancel system, it does not
stop articles from being cancelled earlier on and never making it to me.
The cancel lock system would have the merit of simplicity for the user if
we were designing the net from scratch. It is however, not that useful
when you consider that it will take a long time to become widely deployed.
I want a system that:
a) Stops unauthorized cancels *today*
b) Still allows authorized cancels for *everybody*
Who would not feel this is the goal? We can come very close to that
goal, but not with the cancel lock system. So is the means to do that so
complex that we should abandon this goal?
Just how valuable is the goal the cancel lock attains: "That those who
install new posting and cancelling software, once it becomes available for
their newsreader or site, are able to authenticate their cancels, so that
at the sites which insist on that authentication, others can't illicitly
cancel their articles -- presuming their articles get to those sites and
are not intercepted at sites running older software."
The evidence seems to be mounting that we need a system now
>
> > Rule #1 of USENET design -- that which must be implemented at 300,000
> > different machines or 10,000,000 different users won't get done for years,
>
> Fortunately, cancel locks won't have to get implemented at 300000
> different machines. But signed articles will require this.
Can you explain how they require this?
>
> > USENET has fallen well behind the times.
>
> Then I guess the correct solution is for you to go elsewhere.
Indeed, if the majority of people think as you do, that is the correct
solution. And this also applies to you.
>
> then argue that by implementing them we will somehow regain the "lead".
> Of course, you fail to show why a "lead" is necessary or desirable. It
USENET should feature the best technology available to meet the needs of
users. If you have another vision for it, share it.