From: Brad Templeton (brad@templetons.com)
Date: Tue Jan 21 2003 - 13:25:15 CST
On Tue, Jan 21, 2003 at 04:38:29PM +0000, Charles Lindsey wrote:
> >it with an appropriate error.
>
> No, my whole point is that most users are constrained to use whatever
> injector their ISP provides (whatever site behind the NNTP POST command).
>
> These injectors can, and do, add headers (Injector-Info, NNTP-Posting-*,
> X-Trace, Complaints-To, and goodness knows what else).
>
> Moreover, they usually add them _after_ all the other headers. That is the
> real world, and any signing scheme will have to live with it.
>
Again, perhaps the point is not clear. The only reason you have
the belief that users are constrained to use whatever injector
their ISP provides is that nobody today runs an open injector that
will take traffic from any user who signs their articles.
For what you say to be true, ISPs would have to be blocking outgoing
traffic from the user, to stop them from reaching other injectors
that are willing to accept their articles.
Once articles are signed with a certificate, you no longer need to
add the tracing headers above. An injector becomes no different from
a relay. Do relays add headers such as these? Of course not.
What they add is a path entry, and that is all they need add to
a signed injected article, the tail-point of the Path line. They
can make that tail-point be an auditing token to let the extract the
IP address. But they don't need to.
They don't need to because the signature verifies who the poster is.
They would check to assure the certificate on the sig meets their
standards for insertion of an article, but that's about it.
If the user spams, then the signature provides a means to deal with
them, as effective if not more effective than the current "Is their
IP on my network?" test.
In fact, the current test could be done as a degenerate case of
what signatures can do. Issue a certificate saying "This is user
X from network Y, Complaints-to Z" and you have then tested and
certified all that you would have had the injector record in extra
headers except perhaps the date.
This is a change from the centralist design of USENET that said there
were site lords and user-serfs, and what security there was came
from the site-lords controlling the user-serfs ability to post
through their injectors.
digital signature allows you to completely rethink that, to split
the authentication and tracing problem away from the transport system.
It doesn't force you to do that, you can still do it the old way, but
a whole new range of possibilities open up.
So I challenge you -- why, with a signed article, do we need
what is traditionally thought of as an injector at all?