Re: UTF-8 over RFC 2047 (Re: Call for Usefor to recharter)


From: Kent Landfield (kent@landfield.com)
Date: Tue Jan 21 2003 - 14:29:39 CST


All,

I'd really like to see us finish the first document before jumping into
another can of worms. The chairman asked us to drop this line of discussion
until we deal with the initial issues of the current draft. Signing
will not be in the initial document. If you want to continue this discussion,
please do it on the usenet-extensions mailing list or in private mail.

#
# On Tue, Jan 21, 2003 at 04:38:29PM +0000, Charles Lindsey wrote:
# > >it with an appropriate error.
# >
# > No, my whole point is that most users are constrained to use whatever
# > injector their ISP provides (whatever site behind the NNTP POST command).
# >
# > These injectors can, and do, add headers (Injector-Info, NNTP-Posting-*,
# > X-Trace, Complaints-To, and goodness knows what else).
# >
# > Moreover, they usually add them _after_ all the other headers. That is the
# > real world, and any signing scheme will have to live with it.
# >
#
# Again, perhaps the point is not clear. The only reason you have
# the belief that users are constrained to use whatever injector
# their ISP provides is that nobody today runs an open injector that
# will take traffic from any user who signs their articles.
#
# For what you say to be true, ISPs would have to be blocking outgoing
# traffic from the user, to stop them from reaching other injectors
# that are willing to accept their articles.
#
# Once articles are signed with a certificate, you no longer need to
# add the tracing headers above. An injector becomes no different from
# a relay. Do relays add headers such as these? Of course not.
#
# What they add is a path entry, and that is all they need add to
# a signed injected article, the tail-point of the Path line. They
# can make that tail-point be an auditing token to let them extract the
# IP address. But they don't need to.
#
# They don't need to because the signature verifies who the poster is.
# They would check to assure the certificate on the sig meets their
# standards for insertion of an article, but that's about it.
#
# If the user spams, then the signature provides a means to deal with
# them, as effective if not more effective than the current "Is their
# IP on my network?" test.
#
#
# In fact, the current test could be done as a degenerate case of
# what signatures can do. Issue a certificate saying "This is user
# X from network Y, Complaints-to Z" and you have then tested and
# certified all that you would have had the injector record in extra
# headers except perhaps the date.
#
#
# This is a change from the centralist design of USENET that said there
# were site lords and user-serfs, and what security there was came
# from the site-lords controlling the user-serfs' ability to post
# through their injectors.
#
# Digital signature allows you to completely rethink that, to split
# the authentication and tracing problem away from the transport system.
# It doesn't force you to do that, you can still do it the old way, but
# a whole new range of possibilities opens up.
#
# So I challenge you -- why, with a signed article, do we need
# what is traditionally thought of as an injector at all?
#
#
#

-- 
Kent Landfield                        Phone: 1-817-545-2502
Email: kent@landfield.com             http://www.landfield.com/
Search the Usenet FAQ Archive at http://www.faqs.org/faqs/
Search the RFC/FYI/STD/BCP Archive at http://www.faqs.org/rfcs/

