From: Bill Davidsen (davidsen@prodigy.com)
Date: Wed Mar 08 2000 - 09:55:02 CST
Brad Templeton <brad@templetons.com> wrote:
> On Mon, Mar 06, 2000 at 04:47:23PM -0500, Bill Davidsen wrote:
> > Brad Templeton <brad@templetons.com> wrote:
> > > I am frankly astounded that you think clients would want to do this.
> >
> > I'm pretty surprised that you didn't know that it's already being done,
> > so I guess neither of us is omnipitent.
>
> I fail to see how alt.anonymous.messages matches what I describe.
It is a group filled with encrypted messages which are decoded at the
client end, using keys maintained at the client end, without server
support. A proof that (a) it is practical, and (b) people are willing to
do it.
> Are there signatures and certificates in the overveiw file for this group?
No server support (at least here).
> Are there newsreaders which check them and only display the messages signed
> by people who have a certificate chain leading back to somebody I have
> declared trust for?
trn knows about PGP, it is possible to write macros which test posts and
display only those which decode correctly. I suspect that the messages
to be tested are manually selected, but it doesn't matter, readers are
willingn to do it the way it is, improving the interface can only help.
> Are there newsreaders which maintain a certificate
> database and a CRL and automatically update it? I don't see any of
> this going on.
No, and people still use it.
> > You still seem to have read something that makes you think I want to
> > forbid servers from filtering, when all I said was that it works even if
> > they don't.
>
> No, I didn't say that. What I do say that it is wrong to spec
> support for filtering by clients, because it is a large burden on the
> clients. That it is much harder for clients to do it than servers is
> a simple statement of fact.
Agreed, but so what? If the server doesn't do it you would have to
actively do something to prevent client filtering, what does that gain
you? The filtering can be done in Cleanfeed, or in the main server code,
or in the client. What's wrong with having a choice, particularly if we
provide the patches for Cleanfeed and INN?
> The value judgement I made is that it would be wrong to even suggest it
> as an alternative because I don't want each party to punt the duty to the
> other. I don't want server owners to say, "let the clients do it" while
> newsreader authors say "let the server do it."
Why? Some sites do NoCEM on spool and some let the client decide, is
this a diferent choice in some inobvious way?
> I think it is the function of standards bodies to decide which is the best
> place and to say it SHOULD be done there, even MUST be done there, to
> avoid the buck-passing which results in it not being done.
>
> If that is playing god, it is what standards bodies do. Choose between two
> alternatives so that everybody else doesn't have to.
And I thought it was to choose between mutually exclusive aternatives to
promote interoperability... If you want to forbid client filtering, will
you (do you) block NoCEM information to prevent that? Do your TOS forbid
use of a KILL file? Why do you feel that if the site doesn't do it in
the filter the client shouldn't have the choice?
> In this case, however, one alternative is so much vastly superior to the
> other.
Probably true, but since they are not mutually exclusive, so what? Don't
you trust the readers to make the choice? Or the site admins?
> > Again, the existance of a working group without header support sure
> > makes it look practical. I'd rather have it in the server, but I do
> > filter some groups based on article body content. I don't like it, but I
> > do it.
>
> If you think alt.anonymous.messages is an example of what I describe, I
> am afraid I either seriously misunderstand the newsgroup or you don't
> understand what I'm discribing.
No, it's an example of what I describe, working just the way I propose
as the "no server support needed" alternative. Proves that it can be
done, that people will make the effort, etc. It's not the best way, but
users will pressure admins to do it in the server in most cases,
assuming the idea takes off.
-- -bill davidsen (davidsen@prodigy.com) "The secret to procrastination is to put things off until the last possible moment - but no longer" -me