jbaber@mi.leeds.ac.uk writes:
From what I can see (the full README is unavailable) PGPMoose is designed to Cancel messages in a moderated newsgroup that have not been approved by the moderator - by using PGP sigs to authenticate the approval.
Given that Qualcomm employs Paul Pomes, who harrasses anonymous remailer operators by complaining to their upstreams and employers, I advise you to be wary of anything coming out of Qualcomm - like their Eudora mail reader.
This could be modified for general cancels but would then involve PGPMoose having access to every authors Public Key.
A program that would search the news for articles that purport to be from people who requested this service (and may be paying for it), verifying their digital signatures, and issuing "hide" NoCeMs for the ones that fail this check (possible forgeries) would be a good thing indeed and would encurage the use of digital signatures. As I pointed out before on the Cypherpunks list, signing only the body of the article leaves one open to replay attacks: a forger can repost the same signed article with new message-id and possible in new newsgroups. Therefore at least both of these header fields need to be signed. Perhaps the folks who participate in Brad Templeton's "son-of-rfc1036" mailing list would like to propose a generaliaztion of the new headers used by pgpmoose to sign the headers of an article together with it body. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps