From: Kenneth Lorber (keni@aol.net)
Date: Thu Mar 02 2000 - 13:06:51 CST
From owner-usenet-format@landfield.com Thu Mar 2 13:48:45 EST 2000
Date: Thu, 2 Mar 2000 12:52:43 -0500 (EST)
From: Henry Spencer <henry@spsystems.net>
To: Usefor Mailing List <usenet-format@rkive.landfield.com>
Subject: Re: moderation schemes
On Wed, 1 Mar 2000, Bill Davidsen wrote:
> Assume a moderated newsgroup with robomoderation, such that all posts
> are encrypted with the moderator's private key and sent out, marked
> either "approved," "SPAM" or "unknown" in the Keywords field or some
> field for just that use. Anything which didn't pass through the
> moderator will not be properly encrypted, so forgery is pretty obvious.
Except that now you need reader software which does decryption. If you
just use digital signatures, then a forgery is obvious only to a person
or a reader which checks the signatures. Either way, the basic answer
is that it doesn't work with existing readers, which is a big obstacle.
Henry Spencer
henry@spsystems.net
How about setting up a tradeoff between verifiability and backwards
compatibility?
Use digital signatures to sign articles for group X.Y.
Define a new header X-Locally-Verified: that is always dropped on receipt
and is added to articles which the server can successfully check.
Now we get:
old server, old newsreader: no way to verify
old server, new newsreader: can do it's own verification
new server, old newsreader: verified to the extent the user trusts the server
new server, new newsreader: can do it's own verification
Ken Lorber