From: Bill Davidsen (davidsen@prodigy.com)
Date: Fri Mar 03 2000 - 12:49:49 CST
Brad Templeton <brad@templetons.com> noted:
> However, I still strongly advise that a server simply discard articles
> that fail signature tests rather than put any burden on the newsreader
> to check such a header.
This would be the "new server - any reader" case, but it requires some
changes to the server, so it won't be there instantly. And some sites by
policy don't honor cancels, etc, and won't do it even though they could.
> User looks at header:
> The only advantage I can see is it gives the user the choice
> (at the cost of forcing the user of the old newsreader) to
> see the articles that failed signature tests inline with other
> articles. Woo-hoo.
Some people want to see everything and make their own decisions. As long
as there's a mechanism by which both the server and the reader can
identify the bogus articles, the goal has been reached.
I'm sure I can do the validation at user level with a trn macro, and I'm
sure someone could write a plug-in or whatever for Netscape. If it's a
good idea other client software will follow.
> While I don't think we'll get to spec a signature here, I don't think
> any signature checking should be allocated to newsreaders. The only
> thing newsreaders will need to know about signatures is how to sign
> articles, and even that won't be required, since injectors can do it.
Since I was talking about moderator signed articles the 'bot will be
able to do it.
I'm torn between the elegance of just signed articles which anyone can
read and the motivation of encrypted posts which will encourage client
providers to add decryption features.
-- -bill davidsen (davidsen@prodigy.com) "The secret to procrastination is to put things off until the last possible moment - but no longer" -me