
Re: REPOST : Un-forgeable Cancels



[email protected] writes:

> From what I can see (the full README is unavailable) PGPMoose is designed
> to Cancel messages in a moderated newsgroup that have not been approved by
> the moderator - by using PGP sigs to authenticate the approval.
>
> see http://people.qualcomm.com/ggr/pgpmoose.html

Given that Qualcomm employs Paul Pomes, who harasses anonymous remailer
operators by complaining to their upstreams and employers, I advise you
to be wary of anything coming out of Qualcomm - like their Eudora mail reader.

> This could be modified for general cancels but would then involve PGPMoose
> having access to every author's Public Key.

A program that would search the news for articles that purport to be from
people who requested this service (and may be paying for it), verifying
their digital signatures, and issuing "hide" NoCeMs for the ones that fail
this check (possible forgeries) would be a good thing indeed and would
encourage the use of digital signatures.

As I pointed out before on the Cypherpunks list, signing only the body of
the article leaves one open to replay attacks: a forger can repost the
same signed article with a new message-id and possibly in new newsgroups.
Therefore at least both of these header fields need to be signed.

Perhaps the folks who participate in Brad Templeton's "son-of-rfc1036"
mailing list would like to propose a generalization of the new headers
used by pgpmoose to sign the headers of an article together with its body.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
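
The replay problem described in the message above, as an added example that is not part of the original post or of PGPMoose: a body-only signature still verifies on a repost with a new Message-ID and Newsgroups line, while a signature that also covers those headers does not. HMAC-SHA256 stands in for a PGP signature so it runs offline; the key, the header set, the sample article and all function names are assumptions.

```python
import hashlib
import hmac
from email import message_from_string

KEY = b"constructed-demo-key"  # stand-in for the author's signing key (assumption)
SIGNED_HEADERS = ("From", "Message-ID", "Newsgroups")  # hypothetical set of bound headers

def _mac(data: bytes) -> str:
    # HMAC-SHA256 stands in for a PGP signature so the example runs offline.
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def canonical(article, with_headers: bool) -> bytes:
    """Bytes covered by the signature: body only, or bound headers plus body."""
    parts = []
    if with_headers:
        for name in SIGNED_HEADERS:
            value = article.get(name, "")
            if name == "Newsgroups":  # make the group list order-insensitive
                value = ",".join(sorted(g.strip().lower() for g in value.split(",")))
            parts.append(f"{name.lower()}:{value.strip()}")
    parts.append(article.get_payload().strip())
    return "\n".join(parts).encode()

def sign(raw: str, with_headers: bool) -> str:
    return _mac(canonical(message_from_string(raw), with_headers))

def verify(raw: str, sig: str, with_headers: bool) -> bool:
    return hmac.compare_digest(sig, sign(raw, with_headers))

# Constructed sample article and a constructed repost of it.
ORIGINAL = (
    "From: alice@example.org\n"
    "Message-ID: <1@example.org>\n"
    "Newsgroups: sci.crypt\n"
    "\n"
    "I approve of this proposal.\n"
)
REPOST = ORIGINAL.replace("<1@example.org>", "<2@forger.example>").replace(
    "sci.crypt", "alt.test,sci.crypt")

def demo() -> dict:
    body_sig = sign(ORIGINAL, with_headers=False)
    full_sig = sign(ORIGINAL, with_headers=True)
    return {
        "body_only_accepts_repost": verify(REPOST, body_sig, False),
        "header_bound_accepts_repost": verify(REPOST, full_sig, True),
        "header_bound_accepts_original": verify(ORIGINAL, full_sig, True),
    }

if __name__ == "__main__":
    print(demo())
```

A checker of the kind the message proposes would treat a failed header-bound verification as a possible forgery and flag the article.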