Re: Mainstreaming PGP on Usenet
-----BEGIN PGP SIGNED MESSAGE-----
To: [email protected] (Dr. Dimitri Vulis)
Cc: [email protected]
Subject: Re: Mainstreaming PGP on Usenet
Dr. Dimitri Vulis wrote:
>
> [email protected] (Igor Chudov @ home) writes:
> > Dr. Dimitri Vulis wrote:
> > > One issue that hasn't been addressed by the s.c.r.m robomod is the
> > > possibility of persistent nyms: that is, Alice D. Nonymous somehow makes
> > > her public key known to the robomod; and later if someone submits an article
> > > via some anon remailer claiming to be hers, it would be rejected if the
> > > signature doesn't check. Of course, her true submissions would be accepted
> > > from any remailer. How could such protocol be implemented?
> >
> > We see no problem with users posting under pseudonyms, as long as they do
> > not try to pretend to be other real people and do not constantly mutate,
> > and submit their messages to the robomoderator for consideration.
>
> On the contrary, I was thinking of a situation when a person is posting through
> an anonymous remailer, yet wishes to establish a persistent nym that can't be
> impersonated. E.g., someone may submit articles via remailers (different every
> time) and have a signature 'Alice D. N.'; what's to prevent someone else from
> submitting an article and also signing it 'Alice D. N.'?
>
> I was thinking of allowing the user to add a 'From: <nym>' in the first
> paragraph of the PGP-signed block. To establish the nym, Alice would first
> post her public key under the name of Alice; then she would post things like
>
> From: remailer@somewhere
>
> -- begin pgp signed msg
>
> From: Alice
>
> ...
>
> This would also address the problem of someone's misconfigured system where
> his submissions appear to come from [email protected] or
> [email protected] or some other random hostname.
>
As far as I understand, the problem boils down to this:

Nym users want to have an identity (belief of other users that
a set of articles originating from many anonymous addresses were in
fact written by one person). At the same time, we want to prevent
users who do not have a permanent return address from using
addresses of other persons.

One of the problems with allowing users to specify return addresses in
the letters is a possibility of forgery: what if
[email protected] posts a MAKE MONEY FAST message, and specifies
that her "From: " address should be Popugaev@get_high.edu? Such posting
could get Mr. Popugaev in trouble.

Maybe the following rewriting rule may be a good compromise between
functionality and security, for PGP signed messages:

1. Original "From: " address is rewritten as "X-Origin" or some such.

2. "From:" address is always set to the main user ID of the PGP key that
was in the signature.

3. For "Reply-To: " we use "Reply-To: ", if it is present, then we try
"From: ", and if "From: " is not present, "Reply-To: " is not set.

4. If "Subject: ", "Date: ", "Message-ID: ", or "Newsgroups: " is
present on the block of pseudo-headers starting with the first line of
the text, use them instead of trusting the headers of an email.

This way, we achieve the following results:

1. Positive and reliable identification of users is possible to every
reader of soc.culture.russian.moderated, not only to moderators;

2. Users gain additional protection from man-in-the-middle attacks by
using well protected pseudo-headers within PGP signed blocks; they
cannot misuse this feature by lying about who they are;

3. Those who do not want to bother do not have to;

4. People with misconfigured email addresses may have at least
some address field ("From: ") set correctly.

5. Nyms can post freely through any anon remailers and always have their
identity show up in the "From: " field, even if remailers do not allow
users to specify their identity at all.

Note that I agree that we need to have a database of MD5 checksums of all
submissions and carefully process duplicates.

What do you think?

- Igor.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMTvi6MJFmFyXKPzRAQGEMQP8C4V9gCs5REc5hez0gRP7bXn9NGV5S/6l
fxJo4SPmCBdWxn+msLxchbrho/hlhcUMaPuswcnacgrqEAyd1H4yIiMyZ1s6z06e
0q6WQ8QUy/E1nrc4lCSXKUBYB8MV/SGlynxxq3X9T2eF2lmnoArWj4QpfcVgk9RR
HvcvpK3GWuA=
=OXCv
-----END PGP SIGNATURE-----
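
The four rewriting rules proposed in the message above, as an added Python sketch (not code from the thread or from the s.c.r.m robomoderator). It assumes the PGP signature has already been verified and that the signing key's main user ID is passed in; it reads rule 3 as taking "Reply-To: " and "From: " from the signed pseudo-headers. All function names and sample values are constructed for illustration.

```python
# Added illustration of the rewriting rules; names and samples are hypothetical.
OVERRIDABLE = ("Subject", "Date", "Message-ID", "Newsgroups")   # rule 4
KNOWN = OVERRIDABLE + ("From", "Reply-To")

def parse_pseudo_headers(signed_text):
    """Read 'Name: value' lines starting at the first line of the signed
    text and stop at the first line that is not a recognised header."""
    found = {}
    for line in signed_text.splitlines():
        name, sep, value = line.partition(":")
        canon = next((k for k in KNOWN if k.lower() == name.strip().lower()), None)
        if not sep or canon is None or not value.strip():
            break
        found.setdefault(canon, value.strip())   # first occurrence wins
    return found

def rewrite_headers(email_headers, signed_text, key_user_id):
    """email_headers: untrusted outer headers (dict, canonical names).
    signed_text: cleartext whose signature was ALREADY verified (assumption).
    key_user_id: main user ID of the key that made the signature."""
    pseudo = parse_pseudo_headers(signed_text)
    out = {}
    if "From" in email_headers:                   # rule 1: keep origin aside
        out["X-Origin"] = email_headers["From"]
    out["From"] = key_user_id                     # rule 2: identity from key
    reply_to = pseudo.get("Reply-To") or pseudo.get("From")   # rule 3
    if reply_to:
        out["Reply-To"] = reply_to
    for name in OVERRIDABLE:                      # rule 4: signed value wins
        value = pseudo.get(name, email_headers.get(name))
        if value is not None:
            out[name] = value
    return out

# Constructed sample: a nym posting through a remailer.
SAMPLE_HEADERS = {"From": "remailer@remailer.example", "Subject": "(none)",
                  "Newsgroups": "soc.culture.russian.moderated"}
SAMPLE_SIGNED = ("Reply-To: alice@nym.example\nSubject: Persistent nyms\n"
                 "\nBody text.\nSubject: this line is body, not a header\n")
SAMPLE_UID = "Alice D. Nonymous <alice@nym.example>"

if __name__ == "__main__":
    for k, v in rewrite_headers(SAMPLE_HEADERS, SAMPLE_SIGNED, SAMPLE_UID).items():
        print(f"{k}: {v}")
```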