From: Brad Templeton (brad@main.templetons.com)
Date: Tue Aug 17 1999 - 14:47:33 CDT
On Wed, Jun 09, 1999 at 05:06:35PM +1000, Thorfinn wrote:
> Hrm. *ponder* The only way to confirm that the signer is *really*
> the moderator is to check the signature against an already obtained
> *something*... presumably the public key of the moderator.
Actually, almost certainly not the public key of the moderator. No site
wants to maintain the keys of all moderators. Instead, the moderator
will include a certificate certifying their key with the posting, that
certificate would be signed by one of a smaller number of parties -- and
the sites would keep the keys of the that much smaller number of certifiers.
> Any other scheme that involves verification that's bound up in just
> one post would not be viable, since anything of that nature will be
> equally doable by any black hat.
Huh?
>
> There just *isn't* a way to check that a particular post is approved
> by the correct moderator for a newsgroup without referring to *some*
> externally approved database of moderators.
No, the database does not need to be anywhere. The only thing you need
to know is your top level certifiers that you trust. All else falls out
from that with no other databases required.