[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FORGED CANCELS of posts on n.a.n-a.m

At 10:47 AM 10/4/95 EDT, [email protected] (Dr. Dimitri Vulis) wrote:
>When an article is posted, two quantities are computed by the posting program:
>M1 = H(article body + newsgroups + message-id + date + passphrase) and
>M2 = H(M1). The posted article contains the header "Cancel-lock: M2".
>[.. Cancel-key: M1 to cancel or supersede.]
>[..Daemons forward suspected forged cancels to originator]

Aside from the forged-From:-bogus-cancel spam /r$ proposed, this has
the problem that it still only allows the originator to cancel a message,
and not either the moderator of a moderated group or a Good Spam-canceller
like CancelMoose, as well as stopping censors and cancel-spammers.

Cancellation is a sufficiently local-policy-dependent issue, and reasonably
low volume compared to the rest of news, that it probably makes sense for
the various news programs to hand cancellation requests off to an external
program, which can be locally modified as desired.

One approach is to add digital signature and verification capability
to News, at least to support cancels; doing this in an outboard
cancel-daemon is obviously easier.  RIPEM-SIG is a signature-only
version of RIPEM which is exportable, probably just in binaries. 
The local cancel-daemon could accept cancellation requests that were signed
by anybody on the list of locally-approved cancellers; one site could accept
cancels from Cancelmoose, newsgroup moderators, and Helena Kobrin;
another could do authors only.  This would, of course, encourage people
to get their digital signatures out there to allow themselves to cancel
their own messages.

BTW, on the general topic of spam, I got a nice note back from the
Johnson-Grace folks saying they were sorry they posted their
ad/announcement to the list and it won't happen again.
And you can download their compression stuff from www.jgc.com but they're
not actually making the algorithms public...

#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281