-----BEGIN PGP SIGNED MESSAGE----- To: dlv@bwalk.dm.com (Dr. Dimitri Vulis) Cc: cypherpunks@toad.com Subject: Re: Mainstreaming PGP on Usenet Dr. Dimitri Vulis wrote:
ichudov@algebra.com (Igor Chudov @ home) writes:
Dr. Dimitri Vulis wrote:
One issue that hasn't been addressed by the s.c.r.m robomod is the possibility of persistent nyms: that is, Alice D. Nonymous somehow makes her public key known to the robomod; and later if someone submits an articl via some anon remailer claiming to be hers, it would be rejected if the signature doesn't check. Of course, her true submissions would be accepted from any remailer. How could such protocol be implemented?
We see no problem with user posting under pseudonyms, as long as they do not try to pretend to be other real people and do not constantly mutate, and submit their messages to the robomoderator for consideration.
On the contrary, I was thinking of a situation when a person is posting through an anonymous remailer, yet wishes to establish a persistent nym that can't be impersonated. E.g., someone may submit articles via remailers (different every time) and have a signature 'Alice D. N.'; what's to prevent someone else from submitting an article and also signing it 'Alice D. N.'?
I was thinking of allowing the user to add a 'From: <nym>' in the first paragraph of the PGP-signed block. To establish the nym, Alice would first post her public key under the name of Alice; then she would post things like
From: remailer@somewhere
-- begin pgp signed msg
From: Alice
...
This would also address the problem of someone's misconfigured system where his submissions appear to come from moron@camelot.ptu.edu or moron@pendragon.ptu.edu or some other random hostname.
As far as I understand, the problem boils down to this: Nym users want to have an identity (belief of other users that a set of articles originating from many anonymous addresses were in fact written by one person). At the same time, we want to prevent users who do not have a permanent return address from using addresses of other persons. One of the problems with allowing users to specify return addresses in the letters is a possibility of forgery: what if Mallory@evil-services.com posts a MAKE MONEY FAST message, and specifies that her "From: " address should be Popugaev@get_high.edu? Such posting could get Mr. Popugaev in trouble. Maybe the following rewriting rule may be a good compromise between functionality and security, for PGP signed messages: 1. Original "From: " address is rewritten as "X-Origin" or some such. 2. "From:" address is always set to the main user ID of the PGP key that was in the signature. 3. For "Reply-To: " we use "Reply-To: ", if it is present, then we try "From: ", and if "From: " is not present, "Reply-To: " is not set. 4. If "Subject: ", "Date: ", "Message-ID: ", or "Newsgroups: " is present on the block of pseudo-headers starting with the first line of the text, use them instead of trusting the headers of an email. This way, we achieve the following results: 1. Positive and reliable identification of users is possible to every reader of soc.culture.russian.moderated, not only to moderators; 2. Users gain additional protection from man-in-the-middle attacks by using well protected pseudo-headers withing PGP signed blocks; they cannot misuse this feature by lying about who they are; 3. Those who do not want to bother do not have to; 4. People with misconfigured email addresses may have at least some address field ("From: ") set correctly. 5. Nyms can post freely through any anon remailers and always have their identity show up in the "From: " field, even if remailers do not allow users to specify their identity at all. Note that I agree that we need to have a database of MD5 checksums of all submissions and carefully process duplicates. What do you think? - Igor. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMTvi6MJFmFyXKPzRAQGEMQP8C4V9gCs5REc5hez0gRP7bXn9NGV5S/6l fxJo4SPmCBdWxn+msLxchbrho/hlhcUMaPuswcnacgrqEAyd1H4yIiMyZ1s6z06e 0q6WQ8QUy/E1nrc4lCSXKUBYB8MV/SGlynxxq3X9T2eF2lmnoArWj4QpfcVgk9RR HvcvpK3GWuA= =OXCv -----END PGP SIGNATURE-----