Date: Tue, 15 Feb 94 17:11:34 -0800 From: hughes@ah.com (Eric Hughes) To summarize the specifics of Ted's proposal: 1. mail to a central site is accessed by internet client 2. moderators vote +/-/0/not now 3. threshold weighting + and - 4. selection of moderators left open 5. security of approved header left open I had thought of using email to distribute articles to the moderator, but one might just as easily use NNTP. The modified newsreader could be pointed at the restricted-to-moderators NNTP site. NNTP might not even need extension, if the existing authentication procedures can be hacked to work. Votes/ratings can be in the form of articles posted to a .votes or .ratings group. I wouldn't do it that way. There's too much overhead involved in talking to the .votes or .ratings group. I'd instead extend the NNTP protocol with a "XVOTE" command, which can take the arguments "yes" or "no"; this way, the server code is much simpler. The client code won't be that bad --- it would be pretty easy to modify gnus to do the right thing. It will be important to have real authentication to that central site, though; password stealing is all too common these days. Later protocols could be developed to get rid of the hazards of single central sites. This central site is only for each newsgroup, though, not the whole system. I wouldn't worry about the "hazards of the single central server" for quite a while, precisely because it is only for each newsgroup. I'd imagine that the number of people that would be moderating a newsgroup would be relatively small. I wouldn't worry about forged Approved: headers right now. That bit of usenet will take major public key surgery to fix. I don't think it will happen until the RSA patents expire. Actually, it might not be that hard to fix. Consider an additional header line which contains the signature of selected header fields (say, the message-id, the date, the from field, and the subject). I doubt that a news systems would ever verify the signature while they are accepting mail --- that would slow down the news throughput unacceptablely throughout the system --- but one can imagine an "auto-cancellation" system installed on a few key sites that would send out cancel message for any article a "new moderated group" that didn't have a valid signature on it. That way, you don't even need to get the signature validation software running on all sites; indeed, most sites wouldn't need to upgrade their software at all, which is a major point. One problem that hasn't been addressed is the social one: how do people choose moderators? The only method we currently have involves conducting a Usenet vote, which tends to be a long and cumbersome process. Any other one, unfortunately, tends to bring up cries of "Usenet cabal" very quickly. The one exception is the "anyone can be a moderator"; but that will only stop the newbie poster --- it won't stop a determined attacker. - Ted