From: Bill Davidsen (davidsen@prodigy.com)
Date: Fri Mar 03 2000 - 12:20:07 CST
Kenneth Lorber <keni@aol.net> suggested:
> How about setting up a tradeoff between verifiability and backwards
> compatibility?
>
> Use digital signatures to sign articles for group X.Y.
> Define a new header X-Locally-Verified: that is always dropped on receipt
> and is added to articles which the server can successfully check.
>
> Now we get:
> old server, old newsreader: no way to verify
> old server, new newsreader: can do it's own verification
> new server, old newsreader: verified to the extent the user trusts the server
> new server, new newsreader: can do it's own verification
Have to love it. People can choose to read it all, and with the "new
server" case the validation is done and as a site option any articles
which didn't go through the moderator could be dropped. We're probably
going to have to do that with moderated groups at some point anyway.
I'm sure I could do a simple patch to Cleanfeed to have a list of
"signed posts" groups, and anything there could be checked and verified.
There are a number of signed groups now, I just don't have something in
hand to enforce it, and obviously the verification key would have to be
readily available and on the server before you check, that's not a huge
issue, someone could / would set up a key registry I'm sure.
-- -bill davidsen (davidsen@prodigy.com) "The secret to procrastination is to put things off until the last possible moment - but no longer" -me