From: Benjamin Franz (snowhare@nihongo.org)
Date: Tue Oct 02 2001 - 12:21:06 CDT
On Tue, 2 Oct 2001, Clive D.W. Feather wrote:
> Russ Allbery said:
> > There is nothing even remotely "safe" about honoring multiple-message
> > unauthenticated cancels.
>
> How does this differ from single-message unauthenticated cancels ?
>
> The key issue here is how to address the "multiple-" bit. Authentication
> mechanisms ought to work for both.
That is not obvious.

Single message cancels are _intended_ to be usually used by individuals
retracting their own messages. Multiple message cancels are _intended_ for
net abuse control by third parties.

These are different jobs with substantially different requirements in
terms of need for 'identification'. First party cancels have no need
beyond verification that the person cancelling the cancel for a message is
the same as the person issuing the original message. The HMAC cancel lock
mechanism is completely adequate to this task and avoids burdening the end
user without need.

Third party cancellations require the reliable _identification_ of the
issuer as authorized to perform third party cancellations (ala digital
signatures). This requires some type of PKI mechanism to work.

Completely different requirements with completely different solutions.

--
Benjamin Franz

Programs must be written for people to read, and only incidentally for
machines to execute. ---Abelson and Sussman
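
Added example, not part of the original message: a sketch of the first-party HMAC cancel lock check, showing that it proves "same issuer as the original article" without identifying anyone. It assumes the Cancel-Lock / Cancel-Key header layout later standardized in RFC 8315 with the sha256 scheme; the secret, Message-ID and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
POSTER_SECRET = b"constructed-per-user-secret"
MESSAGE_ID = b"<constructed.1234@news.example>"


def make_cancel_key(secret: bytes, message_id: bytes) -> str:
    """Per-article key: base64(HMAC-SHA256(secret, Message-ID)).

    Only the holder of the secret can recompute it later, so no key
    material has to be stored per article.
    """
    mac = hmac.new(secret, message_id, hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def make_cancel_lock(cancel_key: str) -> str:
    """Lock sent with the original article: sha256:base64(SHA256(key))."""
    digest = hashlib.sha256(cancel_key.encode("ascii")).digest()
    return "sha256:" + base64.b64encode(digest).decode("ascii")


def cancel_is_authorized(lock_header: str, key_header: str) -> bool:
    """Server-side check when a cancel arrives.

    lock_header: Cancel-Lock body of the stored original article.
    key_header:  Cancel-Key body of the incoming cancel.
    True if any offered key hashes to any published lock.
    """
    locks = set()
    for element in lock_header.split():
        scheme, _, value = element.partition(":")
        locks.add(scheme.lower() + ":" + value)  # scheme names are case-insensitive
    for element in key_header.split():
        scheme, _, key = element.partition(":")
        if scheme.lower() != "sha256" or not key:
            continue  # unknown scheme or malformed element: ignore it
        if make_cancel_lock(key) in locks:
            return True
    return False


if __name__ == "__main__":
    key = make_cancel_key(POSTER_SECRET, MESSAGE_ID)
    lock = make_cancel_lock(key)
    print("Cancel-Lock:", lock)
    print("own cancel accepted:", cancel_is_authorized(lock, "sha256:" + key))
    guess = make_cancel_key(b"someone-elses-secret", MESSAGE_ID)
    print("other party accepted:", cancel_is_authorized(lock, "sha256:" + guess))
```

Nothing in the check names the issuer, which is why it cannot by itself authorize a third-party cancel: that needs a verifiable identity, as the message argues.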