From: Brad Templeton (brad@templetons.com)
Date: Wed May 02 2001 - 03:49:58 CDT
On Wed, May 02, 2001 at 10:23:53AM +0200, Thomas Roessler wrote:
> I was rather thinking about actually maintaining the PKI which would
> be needed for true signed cancels.
>
> Can we really expect to build a world-wide hierarchical PKI on a
> volunteer and free basis? (We'd need a hierarchical one since the
> servers would have to trust some root - web of trust doesn't work
> for this.) If we can't expect this to happen, can we expect people
> to get certificates from the established PKIs? Would such PKIs be
> usable at all for our purposes (I doubt this)?
>
> So, is there a business case for running the Usenet PKI?
>
> If all of these questions are answered with "no", working on signed
> cancels is a waste of time.
Signed cancels already exist, with volunteer work, and amazingly no
PKI. Some people wrote systems to send out spam cancels, and they
started signing them. Then others started putting in the code to
handle them, and manually inserting the public keys of the signers.
Since manual key management is a nightmare compared to a proper PKI,
if people can make that work, I have a lot of faith.
Everything in USENET has been done with volunteers.
It's entirely possible to start small. A few people pop up as signers
of cancels, but this time they have keys that they can delegate, and
revoke, so once you install a few of their keys, you don't have to
do any more maintenance. Since people don't actually use the master keys
to sign cancels, but rather sub-keys certified with the master keys,
you can safely revoke or change who is involved.
A similar system is already in place for newgroup. Dave Lawrence
maintained a list of the signing keys for newgroup in various hierarchies
(now at isc.org) and people just download and install. Instead, they just
have to put in his one key to get the same result they have today. If he
was willing to maintain a key list he is certainly willing to just sign the
keys in the list instead.
Now that just duplicates what we have today. I think a better idea,
a bit more complex, but more comforting, is to use voting root keys.
Ie. you install a list of around 20 root keys from various usenet luminaries
around the world, and they as a group sign sub-keys, or revoke them.
This is slightly more complex because you must implement a control message
to broadcast these delegated keys, and sites must store them. But it's not
rocket science, the keys will have names, and you put them in a file.
But it means no one party has control over USENET, which is better than
what we have now, because if we wanted to change who could newgroup from
the archive at isc.org to somewhere else, it would take ages for everybody
to replace their key lists.
Done right, we would do this one at a time. The first thing I would
authenticate with it is newgroup (and friends), then cancel and then
posting to moderated groups. Then other control messages, and what
might be called authenticated groups, which are not moderated, but only
allow posting of signed articles.
But we can start small, as others have done. Certificates, even with
a limited PKI, lets people delegate who gives permissions on their machine,
so we can act quickly and change our minds on how permissions are delegated.
USENET began totally open. Anybody could perform almost any USENET action
on your server. Slowly, we've had to elminate that and move to
assigning permissions as to who can do what.
Effectively, this is the very problem public key certificate systems were
designed to solve. Anything else would be silly.