From: Brad Templeton (brad@templetons.com)
Date: Sat Oct 13 2001 - 14:57:22 CDT

On Sat, Oct 13, 2001 at 02:23:32PM -0400, Seth Breidbart wrote:
> It's easy to fake a signature that will fool anybody whose software
> doesn't check them, which is just about everybody.

Sadly this problem is even harder than that. To make signing actual
articles meaningful, you must flag the newsgroup as _only_ allowing articles
signed by somebody with an appropriately trusted certificate.

That's because even if Seth signs his articles, and even if remote servers
notice, "Hey, sethb@panix.com signs articles, I am now going to insist
that any articles from him must be signed" I can still post an unsigned
article from "sethb@pamix.com (Seth Briedbart)" and I bet 99% of people
would be fooled and blame him for the article even if they could not
reply. Or I could post an article from "sethb@mailhost.panix.com" and
only a very clever system would see that was the same user, and so
the angry replies to my forgery would go to him.

The only solution is that you need groups where all postings must be
signed. Clearly this is a new type of group, some might even argue a
whole new hierarchy, or a status an old group might adopt through some
process. Not much new code -- we plan to make moderated groups into
this sort of group, where only signed articles are allowed, but in this
case signed approved by the moderator.

Now requiring postings to be signed doesn't mean they can't come from
pseudonyms or even be entirely anonymous. One could decide to accept
a CA for the group which gives out certificates for ".invalid" domains
and lets people post entirely anonymously. It just means you can't
get a certificate for anything that even looks like my address, and as
such can't forge messages that people might think come from me.

> >> If somebody forges a spam attack appearing to come
> >> from my site, I should be able to cancel it.
> >
> > If the so-called "spam attack" doesn't carry a valid
> > signature, everyone can recognize that it didn't
> > come from "your site". Not a cancel issue.
>
> For a very small value of "everybody".

The problem is people responding to spams tend to react first and
look into the details later. If they see a nasty spam that says it
comes from addresses @panix.com, they will send in a flurry of
complaints to the panix admins.
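
An added example, not part of the original message: a small model of the two acceptance policies discussed above, showing that insisting on signatures only from known signers still admits the look-alike addresses, while a signed-only group rejects them. The `Article` type, the policy function names, the `example.invalid` addresses, and the assumption that signature verification against the group's trusted CA already ran upstream are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Article:
    from_addr: str
    # Address named in a certificate from a CA the group trusts. Assumption:
    # signature verification ran upstream; None means unsigned or invalid.
    cert_subject: Optional[str] = None


def _norm(addr: str) -> str:
    return addr.strip().lower()


def per_author_policy(article: Article, known_signers: set) -> bool:
    """Require a signature only from addresses already known to sign."""
    sender = _norm(article.from_addr)
    if sender not in known_signers:
        return True  # look-alike addresses are never in the set
    return article.cert_subject is not None and _norm(article.cert_subject) == sender


def signed_only_policy(article: Article) -> bool:
    """Signed-only group: every article needs a certificate matching From."""
    if article.cert_subject is None:
        return False
    return _norm(article.cert_subject) == _norm(article.from_addr)


KNOWN_SIGNERS = {"sethb@panix.com"}

# Constructed sample articles; the addresses are the ones used in the message.
SAMPLES = {
    "genuine": Article("sethb@panix.com", "sethb@panix.com"),
    "unsigned_exact": Article("sethb@panix.com"),
    "lookalike_domain": Article("sethb@pamix.com"),
    "subdomain": Article("sethb@mailhost.panix.com"),
    "borrowed_cert": Article("sethb@panix.com", "someone@example.invalid"),
    "anonymous": Article("anon1@example.invalid", "anon1@example.invalid"),
}


def evaluate() -> dict:
    """Map sample name -> (per-author verdict, signed-only verdict)."""
    return {name: (per_author_policy(a, KNOWN_SIGNERS), signed_only_policy(a))
            for name, a in SAMPLES.items()}


if __name__ == "__main__":
    for name, (per_author, signed_only) in evaluate().items():
        print(f"{name:17} per-author={per_author!s:5} signed-only={signed_only}")
```
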