Re: Making it more difficult to forge cancels (was: Re: FORGED CANCELS of posts on n.a.n-a.m)

[John Lull <lull@acm.org>]

On Mon, 09 Oct 1995 23:12:35 -0400 (EDT), dlv@bwalk.dm.com (Dr.
Dimitri Vulis) wrote:

> Scenario 3.
> 
> Alice provides dial-up Usenet feed to/from several small sites run by Bob,
> Charles, and Dan. Their domains point to Alice via MX. Alice knows that if one
> of them spams Usenet, she'll be flamed and mailbombed. Alice adds her own
> "Cancel-Lock:" to each article she receives from these sites before feeding
> them to the rest of Usenet. Later she can cancel whatever articles have
> originated at B, C, D, and passed through her site.

I like this a lot, except:

If B doesn't add a Cancel-Lock to each article he sends, he loses the
ability (because of Alice's Cancel-Lock) to cancel his own articles.
Cancel-Locks should only be added (or honored?) if the message
contains a Cancel-Lock from the originator.

I'd also like to suggest that added Cancel-Locks be generated from
something less than the full message -- perhaps from just the message
ID.  Intermediate sites are unlikely to maintain full copies of all
messages, and ought to be able to generate cancels in response to a
(possibly corrupted) copy returned to postmaster from another site.