From: Bill Davidsen (davidsen@prodigy.com)
Date: Mon Mar 06 2000 - 15:47:23 CST
Brad Templeton <brad@templetons.com> wrote:
> On Mon, Mar 06, 2000 at 03:17:58PM -0500, Bill Davidsen wrote:
> > Given that a number of commercial news for hire sites advertize that
> > they carry "absolutely everything," all articles, all groups, I can't
> > believe for a moment that these sites would suddenly start honoring
> > cancels. Some don't look for Approved headers, either. And many sites
> > haven't upgraded in forever, they won't change to provide something the
> > client can do.
>
> Possibly, but I don't see this as a reason to try. There may be sites that
> don't have cancels on (because they are hugely abused) that are willing to
> run pgpmoose and its replacement -- such as a moderator's ability to do
> a signed cancel in their group.
>
> The fact that some sites will ignore the spec is not a reason against moving
> forward.
There is no spec for my proposal for encrypted or signed newsgroups, I'm
looking for technical input. And being practical, most site do some form
of filtering via Cleanfeed, cancels, NoCEM, etc, but some large ones
don't. I certainly wouldn't forbid server filtering, but I wouldn't
require it, either.
> I contradict this for factual reasons, not because it is the way I would
> do it. Have you really thought through what it would take to do it in
> properly in the client? It requires:
[... snip ...]
You describe exactly the way alt.anonymous.messages works (and some
others). Since we have an existing proof of concept that it works and
people will use it, the issue is one of convenience. Given that many
browsers will handle encrypted mail, I don't see that the handling of
news is going to be an issue.
> I am frankly astounded that you think clients would want to do this.
I'm pretty surprised that you didn't know that it's already being done,
so I guess neither of us is omnipitent.
> And all for what? The server needs to understand signatures anyway to
> understand signed control messages. So you want all this for what? So
> you can, if using such a server, have the ability to read the forgeries
> inline with other postings?
You still seem to have read something that makes you think I want to
forbid servers from filtering, when all I said was that it works even if
they don't.
> > Did I suggest it should be in overview? I don't recall that. Most sites
> > will filter in the server, and let the readers download the entire
> > article. Some might hack overview themselves, as sites do now. I don't
> > see any need to mandate or prohibit what people choose to do.
>
> If a newsreader is going to check a header, and it's the sort of header
> you need to decide whether to show the user a headline, it has to be in
> the overview or it's not going to be practical.
Again, the existance of a working group without header support sure
makes it look practical. I'd rather have it in the server, but I do
filter some groups based on article body content. I don't like it, but I
do it.
> > > There is no, zero, zip, nada value to encrypting posts in a public newsgroup.
> >
> > Another "I wouldn't do it that way." Reread the last paragraph until you
> > see what benefit might result. Feel free to think it wouldn't work, but
>
> Ok, I see your point, it's a way to force people into adopting new clients.
>
> There are a lot of other ways to do that.
I take that as an opinion that it wouldn't work, and I'm leaning that
way myself. I just take issue that the goal is without value, the method
is fair game for discussion. You could suggest one of the "other ways"
if you like. But it seems many clients do PGP for mail, so news is
almost free.
-- -bill davidsen (davidsen@prodigy.com) "The secret to procrastination is to put things off until the last possible moment - but no longer" -me