From: Brad Templeton (brad@templetons.com)
Date: Sat Oct 13 2001 - 17:38:52 CDT
On Sat, Oct 13, 2001 at 09:07:59PM +0200, Ralph Babel wrote:
> Brad Templeton wrote:
> > Unless remote sites somehow have decided to remember that
> > all articles from rbabel@babylon.pfm-mainz.de MUST be
> > signed, and reject any that are not signed by you,
> > forgeries are possible.
>
> Unless remote sites somehow have decided to
> honor your cancels, you're out of luck, too.
Of course, but I don't see the relevance. We're discussing the shape
of usenet with some authentication. Naturally that applies primarily to those
who decide to participate, but it is with the presumption that those who
do particpate do so in some standardized way. USENET is effectively all
about a group of sites cooperating and using the same formats, protocols
and systems to a network -- that's what a network is.
>
> > The only way to actually stop forgeries is to have a
> > set of newsgroups which accept _only_ signed articles.
> It's not "newsgroups" that accept articles. It's individual
> servers run by admins. Want to bind every single one with a
> contract? Good luck.
Of course not. The idea is, similar to the principle of the moderated
newsgroup that most or all sites agree to define a newsgroup as requiring
some form of signature, just as today we define a moderated newsgroup
as requiring an approved header.
(Note that a number of relay sites have dropped out of that, and pass
articles in moderated groups without an approved header. This in theory
doesn't hurt the sites downstream that later drop them that much, but
at those sites it's annoying.)
>
> > So you want to be able to cancel that post in your name
> > that says "all hail bin laden" that's getting you the
> > death threats.
> I understand that. It doesn't work, though.
What doesn't work? In old USENET, _anybody_ could cancel that article,
including the victim of the forgery. Today, some sites allow that cancel
and some don't -- does anybody have stats? Today, some more sites will
allow the cancel if signed by some trusted nocem issuer, but not from
others. In a network with standardized authentication, I expect most
sites to be happy to honour a cancel from somebody who has a certificate
verifying that they own the E-mail address in the From line or Reply-to
line of the original article -- whether or not they posted the original.
>
> > A site can be clearly defined as a number of things,
> > including postings where the from/reply-to is in
> > a domain belonging to the site,
> _News_ articles are none of a _mail_ provider's business.
News and mail are tightly bound, and in the From header quite tightly.