From: John Stanley (stanley@peak.org)
Date: Fri May 04 2001 - 13:50:16 CDT
Seth Breidbart (sethb@panix.com):
>> How do they know if
>> a@b.example is a moderator for a group which has a submission
>> address of c@d.example?
>Send a copy of the cancel request to c@d.example and see if it gets
>confirmed.
In other words, they don't know.
So, the cancel request is sent to the moderation address, and it is
autoapproved (surely the people we trust to certify cancels are trusted
enough to be on an autoapproved list for a robomoderated newsgroup) and
posted.
Or it is sent to the moderation address, and it is forwarded to a
different moderator of a multi-moderator group.
Russ Allbery (rra@stanford.edu):
>We have a relatively working authority delegation system in place for
>newsgroup creation in most hierarchies; I'd leverage off of that.
I don't think that answers the question. If it does, what it seems to mean
is that each moderator submission address will have to be given its own
key by that "authority delegation system" because once that "delegation
system" creates a group they no longer control who the moderator is. And
that key will have to be revoked and reissued each time a moderator leaves
a group.
ANd that means that claiming that this delegation authority will be able
to sign cancels for moderated groups is wrong, since they won't know
anything but the submission address, and anyone can forge email looking as
if it came from there.