From: Brad Templeton (brad@templetons.com)
Date: Sat Oct 13 2001 - 17:44:37 CDT
On Sat, Oct 13, 2001 at 04:35:29PM -0400, Seth Breidbart wrote:
> >> It's easy to fake a signature that will fool anybody whose software
> >> doesn't check them, which is just about everybody.
> >
> > Sadly this problem is even harder than that. To make signing actual
> > articles meaningful, you must flag the newsgroup as _only_ allowing articles
> > signed by somebody with an appropriately trusted certificate.
>
> Even that isn't good enough.
>
> > That's because even if Seth signs his articles, and even if remote
> > servers notice, "Hey, sethb@panix.com signs articles, I am now going
> > to insist that any articles from him must be signed" I can still
> > post an unsigned article from "sethb@pamix.com (Seth Briedbart)"
>
> Or SethBreidbart@<free-email-provider>, and say something about how my
> regular account is down so I'm using that one. You could even get a
> valid certificate for it (by challenge-response).
>
> You can't solve a social problem (forgery fooling people) by technical
> means.
>
You can stop replies from coming to you via the above method, though you
could not stop it if the guy put a mail forwarder there, but if he does
so he can be caught and punished in other ways.
In addition, a note like you describe about a regular account being down
is a red flag for most people. It will fool a few, but a much smaller
number.
As such, I think a newsgroup where email addresses can't be forged is
still of considerable value.
Unfortunately the rule of "Once a guy signs an article, insist on a signature
for that email address" is not of much value because not only are there the
attacks I listed, but there's a nasty DOS attack where I forge the first
message from you to be signed, and you now can't post or sign at all.
Key to these issues as well is providing accountability for abuse. If somebody
posts that note from the free-email-provider, they do have whatever
accoutability that provider implements. That may be little more than
getting the account punted. Or some people may wish groups where simply
having an E-mail address is not enough -- that the site which grants it
must be held to some standard the group sets for itself. This is of course,
up to the group. (I wouldn't advise any such rules net wide. Indeed
there are to be few rules net-wide, rules instead should be generated on a
per-newsgroup and per-hierarchy basis and there should be a plethora of
choices.)