Re: Authentication, cancels, etc


From: Brad Templeton (brad@templetons.com)
Date: Sat Oct 13 2001 - 03:13:51 CDT


On Fri, Oct 12, 2001 at 11:31:43PM -0400, J.B. Moreno wrote:
> The implementation that needs to be done is in a news server/client.

Duh. In theory putting the code into the server should not be that hard.

The reason to discuss goals is you need to define what the predicates of
the language that configures permissions will be, though I have done some
work on that.

I have another large software project underway so I can't do it, but can
help somebody who can. The components needed are:

a) Defining the clauses for the certificate language, and setting a few
parameters (signing algorithm etc.)

b) Define an encoding to move these Keynote certs into a USENET header

c) Working out what is signed in an article (i.e. which headers and how
and when to sign the body -- there's been quite a bit of debate on this
here)

d) Define a key database ("ring" if you prefer) and control messages
which, if authorized, update it.

e) The CRL

(All the above is new code, not really modifying existing news servers
much)

f) Finally you find all the places in the existing server where it's
about to do an operation that will become authenticated, such as a
cancel or newgroup or posting to an authenticated/moderated group, and have
it gather the certs and do a keynote query to see if the proposed operation
is allowed, and then either do it or deny it.
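
The check described in step (f), as an added example that is not part of the original message and is not KeyNote code or its assertion syntax: a simplified delegation-chain query with a revocation list. The `Credential` fields, key names, credential ids and glob-style group patterns are assumptions, and signature verification is assumed to have happened before credentials reach `is_authorized`.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Credential:
    cred_id: str        # hypothetical identifier, used for CRL lookups
    authorizer: str     # issuing key; "POLICY" is the server's local trust root
    licensee: str       # key receiving the delegated authority
    actions: frozenset  # operations covered, e.g. {"cancel", "newgroup"}
    groups: str         # newsgroup glob the delegation applies to

def is_authorized(requester, action, group, creds, crl):
    """Default-deny query: True only if an unrevoked delegation chain runs
    from POLICY to `requester` and every link covers (action, group).
    Signatures on the credentials are assumed to be verified already."""
    # A link is usable only if it is not revoked and covers this operation,
    # so a delegate can never hold more authority than its issuer granted.
    usable = [c for c in creds
              if c.cred_id not in crl
              and action in c.actions
              and fnmatchcase(group, c.groups)]
    trusted, frontier = {"POLICY"}, ["POLICY"]
    while frontier:
        issuer = frontier.pop()
        for c in usable:
            if c.authorizer == issuer and c.licensee not in trusted:
                trusted.add(c.licensee)
                frontier.append(c.licensee)
    return requester in trusted

# Constructed sample credentials (not taken from any real server).
CREDS = [
    Credential("c1", "POLICY", "key:hierarchy-admin",
               frozenset({"cancel", "newgroup", "post"}), "comp.*"),
    Credential("c2", "key:hierarchy-admin", "key:moderator",
               frozenset({"cancel", "post"}), "comp.lang.c.moderated"),
    # Issued by a key that POLICY never delegated to, so it carries no weight.
    Credential("c3", "key:stranger", "key:mallory", frozenset({"cancel"}), "*"),
]

if __name__ == "__main__":
    for who, act in [("key:moderator", "cancel"), ("key:moderator", "newgroup"),
                     ("key:mallory", "cancel")]:
        ok = is_authorized(who, act, "comp.lang.c.moderated", CREDS, crl=set())
        print(f"{who} {act}: {'allow' if ok else 'deny'}")
```

Revoking a credential high in the chain (here `c1`) also cuts off everything delegated beneath it, which is the behaviour the CRL component in (e) has to deliver.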

