Re: Sandy and I will run a cypherpunks "moderation" experiment in
At 09:02 PM 1/5/97 -0600, Igor Chudov @ home wrote:
With STUMP robomoderator, the great majority of posts are autoapproved, because they come from preapproved posters. In the newsgroups moderated by STUMP, moderators review only a small fraction of incoming messages.
I like this. Seems that list moderating technology has made some progress. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm
Lucky Green wrote:
At 09:02 PM 1/5/97 -0600, Igor Chudov @ home wrote:
With STUMP robomoderator, the great majority of posts are autoapproved, because they come from preapproved posters. In the newsgroups moderated by STUMP, moderators review only a small fraction of incoming messages.
I like this. Seems that list moderating technology has made some progress.
Thanks! Actually the statistics is that in the groups moderated by STUMP, the proportion of autoapproved articles eventually settles around 85-90%. - Igor.
Lucky Green:
At 09:02 PM 1/5/97 -0600, Igor Chudov @ home wrote:
With STUMP robomoderator, the great majority of posts are autoapproved, because they come from preapproved posters. In the newsgroups moderated by STUMP, moderators review only a small fraction of incoming messages.
I like this. Seems that list moderating technology has made some progress.
The cypherpunks moderator robot should check PGP signatures for the "preapproved posters" - it is just too easy to forge email. And the human moderator should be willing to put any regular posters onto the list of "preapproved posters". Any preapproved who mutated into a flamer would be removed from the list. Newbies would have to be around for a bit to get on. Should work well enough. -- Vince
Vince wrote:
Lucky Green:
At 09:02 PM 1/5/97 -0600, Igor Chudov @ home wrote:
With STUMP robomoderator, the great majority of posts are autoapproved, because they come from preapproved posters. In the newsgroups moderated by STUMP, moderators review only a small fraction of incoming messages.
I like this. Seems that list moderating technology has made some progress.
The cypherpunks moderator robot should check PGP signatures for the "preapproved posters" - it is just too easy to forge email. And the human moderator should be willing to put any regular posters onto the list of "preapproved posters". Any preapproved who mutated into a flamer would be removed from the list. Newbies would have to be around for a bit to get on.
Should work well enough.
A good note. Checking PGP signatures for all messages from preapproved posters is one of the possible modes of running STUMP (you have to define WHITELIST_MUST_SIGN=YES). This may be appropriate on cypherpunks, but for regular newsgroups it is rarely practical, because the users are dumb and clueless. On Cypherpunks that may work well and even add some cool flavor to the whole process, as well as help popularize PGP. Another advantage of robo-verification of signatures is that people reading cpunks will know that PGP signed messages really are signed, without the need to keep PGP keys of everyone. That is, of course, if you trust the robomoderator. This is all described at STUMP page. STUMP means Secure Team-based USENET Moderation Program, by the way. - Igor.
-----BEGIN PGP SIGNED MESSAGE----- In <199701070549.XAA02730@manifold.algebra.com>, on 01/05/97 at 01:49 AM, ichudov@algebra.com (Igor Chudov @ home) said:
A good note.
Checking PGP signatures for all messages from preapproved posters is one of the possible modes of running STUMP (you have to define WHITELIST_MUST_SIGN=YES). This may be appropriate on cypherpunks, but for regular newsgroups it is rarely practical, because the users are dumb and clueless. On Cypherpunks that may work well and even add some cool flavor to the whole process, as well as help popularize PGP.
Another advantage of robo-verification of signatures is that people reading cpunks will know that PGP signed messages really are signed, without the need to keep PGP keys of everyone. That is, of course, if you trust the robomoderator.
This is all described at STUMP page. STUMP means Secure Team-based USENET Moderation Program, by the way.
I would have to disagree on this. IMHO I see using a 3rd party sig verification defeating the purpose of PGP. One really needs to have the keys on ones own keyring and verify keys for those he communicates with on a regular basis. Other wise the "web of trust" is never built. I have designed a system that will automate most of the more dificult aspects of managing PGP and buliding a "web of trust". It's based on the user obtaining a copy of the keyring from one of the pgp servers and uptating it on a regular basis. This is automated by using both e-mail request and http request from the pgp servers. The user then uses 3 keyrings: pubring.pgp -- Small keyring contianing the most used keys mainly key used for encryption. sigring.pgp -- Medium size keyring containing keys used only for verifying sigs. master.pgp -- Copy of pubring.pgp from pgp key server. Logs are kept of all signatures verified. After the same signature has been verified X number of times the public key is added to the sigring.pgp. If a key has not been used in X number of days it is removed from the sigring.pgp. A simmilar log can be kept for encryptions & moving keys in and out of the pubring.pgp. If the user not verifying a large number of sigs. the sigring.pgp & the pubring.pgp can be combined. There should also be some type of mechanisim to remind the user to verify keys that he frequently uses. All the above is handled transparently to the user after the inital set-up via a GUI install program. Most of the mechanics are handled through a colection of e-mail filters/scripts and a few small EXE's that I have written. I have most of the code written and am in the process of working the kinks out. The whole ideal of this is to keep the minimum # of keys in the users pubring & sigring for usability while still having the master keyring as a backup. I still need to develop a means of insuring that a key that is "trusted" by association on the master keyring retains that trust when transfered to the pubring.pgp. I think I can develop somthing along the lines of the ATT PathServer and calculate what keys need to be copyed along with the target key that is being copied to the pubring.pgp. As soon as I have a working model I will write somthing up in greater detail and make it available on my web page. - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii@amaranth.com for PGP Key and other info - ----------------------------------------------------------- Tag-O-Matic: This marks Logical End-Of-Message. Physical EOM follows -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMtISZI9Co1n+aLhhAQFAvQQAiakA24txxJ2mZJU/lhb2bqdm1G2nBj50 b4ONi7y8F4fGrsC+nWwoeh1ta5iu3aOQLr+3mYWtafvEUjxvP4mDvke3ToD9riD8 dKU9MKxZd6CG0sZA6TX199gOkY0Ep8fSyJMKQSgddFe+LpahJpxs7dm7bP6pWDbF oOj+2J61IOc= =kgSh -----END PGP SIGNATURE-----
participants (4)
-
ichudov@algebra.com -
Lucky Green -
Vince -
William H. Geiger III