Mainstreaming PGP on Usenet
I'm surprised nobody has brought this up before.... FIRST CALL FOR VOTES (of 2) moderated group soc.culture.russian.moderated <snip> 6. Individuals in the database of known readers may post freely to the group, subject to the conditions in sections 1-4 above. If need arises, the robomoderator may perform PGP verification of the identity of the known reader and, if the reader requests so, automatically reject all the submissions from the reader without a valid PGP signature. -- Bruce Baugh bruce@aracnet.com http://www.aracnet.com/~bruce
comp.os.ms-windows.announce will also start using PGPMoose when I get around to it, probably today. See http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html -rich win-request@metrics.com On Sun, 3 Mar 1996, Bruce Baugh wrote:
I'm surprised nobody has brought this up before....
FIRST CALL FOR VOTES (of 2) moderated group soc.culture.russian.moderated
<snip>
6. Individuals in the database of known readers may post freely to the group, subject to the conditions in sections 1-4 above. If need arises, the robomoderator may perform PGP verification of the identity of the known reader and, if the reader requests so, automatically reject all the submissions from the reader without a valid PGP signature.
-- Bruce Baugh bruce@aracnet.com http://www.aracnet.com/~bruce
Just Rich <rich@c2.org> writes:
comp.os.ms-windows.announce will also start using PGPMoose when I get around to it, probably today.
All moderated newsgroups should use it. However the robomoderator that Igor Chudov wrote uses digital signatures to authenticate _posters as follows: there's a "white list" (as opposed to "black list") of trusted posters whose submissions will be approved and posted automatically, without going through any moderator. A person on the "white list" can request that the robomod check his signature and not post it if the submission may be a forged e-mail. I strongly urged Igor to make digital signatures mandatory for "white list" membership, but he argued that a lot of likely posters lack the brains to use PGP. The robomod will look at things like "Received" lines in the e-mailed submission to try and detect forgeries. While at it, here's a pre-filled ballot. Just add your name and e-mail it to russian-vote@netagw.com. ===== BEGINNING OF BALLOT: Delete everything BEFORE this line ===== ------------------------------------------------------------------- soc.culture.russian.moderated Ballot <SCRM-0001> (Do not remove this marker!) ------------------------------------------------------------------- Please provide your real name, or your vote may be rejected. Place ONLY your name (ie. do NOT include your e-mail address or any other information; ONLY your name) on the next line beside "Voter name:". Voter name: ------------------------------------------------------------------- Insert YES, NO, ABSTAIN, or CANCEL inside the brackets for each newsgroup listed below (do not delete the newsgroup name): Your Vote Newsgroup --------- --------- [ YES ] soc.culture.russian.moderated (moderated) ------------------------------------------------------------------- ===== END OF BALLOT: Delete everything AFTER this line ============ Vote YES to see how a robomoderator that uses PGP works out. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
-----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks@toad.com Subject: Re: Mainstreaming PGP on Usenet Dr. Dimitri Vulis wrote:
Just Rich <rich@c2.org> writes:
comp.os.ms-windows.announce will also start using PGPMoose when I get around to it, probably today.
All moderated newsgroups should use it.
However the robomoderator that Igor Chudov wrote uses digital signatures to authenticate _posters as follows: there's a "white list" (as opposed to "black list") of trusted posters whose submissions will be approved and posted automatically, without going through any moderator. A person on the "white list" can request that the robomod check his signature and not post it if the submission may be a forged e-mail. I strongly urged Igor to make digital signatures mandatory for "white list" membership, but he argued that a lot of likely posters lack the brains to use PGP. The robomod will look at things like "Received" lines in the e-mailed submission to try and detect forgeries.
This is not exactly correct. The check for white list will be there exactly as you specified. It will have a toggle switch, so that we can turn it on and off, depending on how badly we are hit with forgeries.
While at it, here's a pre-filled ballot. Just add your name and e-mail it to russian-vote@netagw.com.
Please do NOT use this pre-filled ballot to vote (although of course I would be pleased with cypherpunks helping to let such an experiment go). According to voting rules, you have to vote only in response to the full CFV posted to news.groups. If you do not have access to news or your news system expired the CFV already, you can retrieve the CFV (containing the rationale, charter and the ballot) by sending email to russian-cfv-request@netagw.com. Body of your message will be ignored. All votes that use pre-filled ballots are invalid. - Igor. - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMTqH5cJFmFyXKPzRAQGYVQQAktT4DYcIcDCV9CSWK+BYGPGS9S609m59 whde9eCtG7d6XRUdnAlZnJQ/sqr/TXVtpfTfGYTZJnD0HYOO0INq7+jN7qHs/7ue KKQMAHM0mi9njEsKUP1cFvn+h68UNDSlH9zrjuMgLZvPxHcal+Wg0gAT9MBsO3xs 4HG2DcpBTSo= =JUnd - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMTqIK8JFmFyXKPzRAQFRFwQAk7/feGthnWXKKJIH8m4XTRbfW0wT1dmI GazD0DSLU2Yy/L31QeIA2wdXqxHRIv15SXqv4/rdRnpbbRnxEmIO3jzZmRjvjWTK +wXO/kDrlmiiO+QCmg6jQs8BD4Mk4wNkqwsgUhxLnX9z6nwRA3KUqpOMp8Y45HRT aFyQV5SYByg= =cTQ0 -----END PGP SIGNATURE-----
Bruce Baugh <bruce@aracnet.com> writes:
I'm surprised nobody has brought this up before....
FIRST CALL FOR VOTES (of 2) moderated group soc.culture.russian.moderated
<snip>
6. Individuals in the database of known readers may post freely to the group, subject to the conditions in sections 1-4 above. If need arises, the robomoderator may perform PGP verification of the identity of the known reader and, if the reader requests so, automatically reject all the submissions from the reader without a valid PGP signature.
Igor Chudov, who coded the robomoderator, reads Cypherpunks, and is known to appreciate and use good suggestions. One issue that hasn't been addressed by the s.c.r.m robomod is the possibility of persistent nyms: that is, Alice D. Nonymous somehow makes her public key known to the robomod; and later if someone submits an article via some anon remailer claiming to be hers, it would be rejected if the signature doesn't check. Of course, her true submissions would be accepted from any remailer. How could such protocol be implemented? (Of course, some people have what they believe to be valid reasons not to use PGP.) --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
-----BEGIN PGP SIGNED MESSAGE----- To: dlv@bwalk.dm.com (Dr. Dimitri Vulis) Cc: cypherpunks@toad.com Subject: Re: Mainstreaming PGP on Usenet Dr. Dimitri Vulis wrote:
Bruce Baugh <bruce@aracnet.com> writes:
I'm surprised nobody has brought this up before.... FIRST CALL FOR VOTES (of 2) moderated group soc.culture.russian.moderated
<snip>
6. Individuals in the database of known readers may post freely to the group, subject to the conditions in sections 1-4 above. If need arises, the robomoderator may perform PGP verification of the identity of the known reader and, if the reader requests so, automatically reject all the submissions from the reader without a valid PGP signature.
Igor Chudov, who coded the robomoderator, reads Cypherpunks, and is known to appreciate and use good suggestions.
Indeed. If you indicate your interest, I can post here a more or less full description of the robomoderator, how it implements secure exchange between itself and human moderators, verifies submissions, and signs approved articles for posting (it uses PMApp by Greg Rose). Your criticisms will be most welcome.
One issue that hasn't been addressed by the s.c.r.m robomod is the possibility of persistent nyms: that is, Alice D. Nonymous somehow makes her public key known to the robomod; and later if someone submits an article via some anon remailer claiming to be hers, it would be rejected if the signature doesn't check. Of course, her true submissions would be accepted from any remailer. How could such protocol be implemented?
We see no problem with user posting under pseudonyms, as long as they do not try to pretend to be other real people and do not constantly mutate, and submit their messages to the robomoderator for consideration.
(Of course, some people have what they believe to be valid reasons not to use PGP.)
Sorry if this question will provoke a mini flamewar, but what are such reasons? - Igor. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMTp458JFmFyXKPzRAQEbQAP8CAtCiNm9h7pijz4+qrm6FFGRBDjsqvZb RkgFetA01oEONdp+RW3NP6GBY1zeNg7+HahfoavNPhASwBl230hLni1fEW5pL75o J5v5yNCYT4/N1aVfchoo50kjXv+KqvRyjr5YNxVmd/IFKokSV1w9ASfdXVk/7uDB Ep1n1jmP4OQ= =EQOd -----END PGP SIGNATURE-----
ichudov@algebra.com (Igor Chudov @ home) writes:
Dr. Dimitri Vulis wrote: ...
One issue that hasn't been addressed by the s.c.r.m robomod is the possibility of persistent nyms: that is, Alice D. Nonymous somehow makes her public key known to the robomod; and later if someone submits an articl via some anon remailer claiming to be hers, it would be rejected if the signature doesn't check. Of course, her true submissions would be accepted from any remailer. How could such protocol be implemented?
We see no problem with user posting under pseudonyms, as long as they do not try to pretend to be other real people and do not constantly mutate, and submit their messages to the robomoderator for consideration.
On the contrary, I was thinking of a situation when a person is posting through an anonymous remailer, yet wishes to establish a persistent nym that can't be impersonated. E.g., someone may submit articles via remailers (different every time) and have a signature 'Alice D. N.'; what's to prevent someone else from submitting an article and also signing it 'Alice D. N.'? I was thinking of allowing the user to add a 'From: <nym>' in the first paragraph of the PGP-signed block. To establish the nym, Alice would first post her public key under the name of Alice; then she would post things like From: remailer@somewhere -- begin pgp signed msg From: Alice ... This would also address the problem of someone's misconfigured system where his submissions appear to come from moron@camelot.ptu.edu or moron@pendragon.ptu.edu or some other random hostname. P.S. So, when are you setting up your own mixmaster remailer, Igor? :-) --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
-----BEGIN PGP SIGNED MESSAGE----- To: dlv@bwalk.dm.com (Dr. Dimitri Vulis) Cc: cypherpunks@toad.com Subject: Re: Mainstreaming PGP on Usenet Dr. Dimitri Vulis wrote:
ichudov@algebra.com (Igor Chudov @ home) writes:
Dr. Dimitri Vulis wrote:
One issue that hasn't been addressed by the s.c.r.m robomod is the possibility of persistent nyms: that is, Alice D. Nonymous somehow makes her public key known to the robomod; and later if someone submits an articl via some anon remailer claiming to be hers, it would be rejected if the signature doesn't check. Of course, her true submissions would be accepted from any remailer. How could such protocol be implemented?
We see no problem with user posting under pseudonyms, as long as they do not try to pretend to be other real people and do not constantly mutate, and submit their messages to the robomoderator for consideration.
On the contrary, I was thinking of a situation when a person is posting through an anonymous remailer, yet wishes to establish a persistent nym that can't be impersonated. E.g., someone may submit articles via remailers (different every time) and have a signature 'Alice D. N.'; what's to prevent someone else from submitting an article and also signing it 'Alice D. N.'?
I was thinking of allowing the user to add a 'From: <nym>' in the first paragraph of the PGP-signed block. To establish the nym, Alice would first post her public key under the name of Alice; then she would post things like
From: remailer@somewhere
-- begin pgp signed msg
From: Alice
...
This would also address the problem of someone's misconfigured system where his submissions appear to come from moron@camelot.ptu.edu or moron@pendragon.ptu.edu or some other random hostname.
As far as I understand, the problem boils down to this: Nym users want to have an identity (belief of other users that a set of articles originating from many anonymous addresses were in fact written by one person). At the same time, we want to prevent users who do not have a permanent return address from using addresses of other persons. One of the problems with allowing users to specify return addresses in the letters is a possibility of forgery: what if Mallory@evil-services.com posts a MAKE MONEY FAST message, and specifies that her "From: " address should be Popugaev@get_high.edu? Such posting could get Mr. Popugaev in trouble. Maybe the following rewriting rule may be a good compromise between functionality and security, for PGP signed messages: 1. Original "From: " address is rewritten as "X-Origin" or some such. 2. "From:" address is always set to the main user ID of the PGP key that was in the signature. 3. For "Reply-To: " we use "Reply-To: ", if it is present, then we try "From: ", and if "From: " is not present, "Reply-To: " is not set. 4. If "Subject: ", "Date: ", "Message-ID: ", or "Newsgroups: " is present on the block of pseudo-headers starting with the first line of the text, use them instead of trusting the headers of an email. This way, we achieve the following results: 1. Positive and reliable identification of users is possible to every reader of soc.culture.russian.moderated, not only to moderators; 2. Users gain additional protection from man-in-the-middle attacks by using well protected pseudo-headers withing PGP signed blocks; they cannot misuse this feature by lying about who they are; 3. Those who do not want to bother do not have to; 4. People with misconfigured email addresses may have at least some address field ("From: ") set correctly. 5. Nyms can post freely through any anon remailers and always have their identity show up in the "From: " field, even if remailers do not allow users to specify their identity at all. Note that I agree that we need to have a database of MD5 checksums of all submissions and carefully process duplicates. What do you think? - Igor. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMTvi6MJFmFyXKPzRAQGEMQP8C4V9gCs5REc5hez0gRP7bXn9NGV5S/6l fxJo4SPmCBdWxn+msLxchbrho/hlhcUMaPuswcnacgrqEAyd1H4yIiMyZ1s6z06e 0q6WQ8QUy/E1nrc4lCSXKUBYB8MV/SGlynxxq3X9T2eF2lmnoArWj4QpfcVgk9RR HvcvpK3GWuA= =OXCv -----END PGP SIGNATURE-----
On Sun, 3 Mar 1996 ichudov@algebra.com wrote:
Dr. Dimitri Vulis wrote: ...
Igor Chudov, who coded the robomoderator, reads Cypherpunks, and is known to appreciate and use good suggestions.
Indeed. If you indicate your interest, I can post here a more or less full description of the robomoderator, how it implements secure exchange between itself and human moderators, verifies submissions, and signs approved articles for posting (it uses PMApp by Greg Rose).
It sounded cool (as heard on the moderator's list), but too complex for my needs, and I think it required some stuff I don't have. Of course, for a higher-traffic group, it's worth it. I don't see a way around the problem. ...
(Of course, some people have what they believe to be valid reasons not to use PGP.)
Sorry if this question will provoke a mini flamewar, but what are such reasons?
1. If you're like me and you habitually read your mail online on a host on the Internet, no matter how secure, then that's a security risk. Of course one could, and many people do, create multiple PGP keys, one for casual authentication and encryption online, and another held in check for stuff that needs to be secure. I just don't bother with a "10% secure" key for cpunks and casual mail, though I do sign most of my Usenet posts. 2. If you send a PGP-signed message to a non-PGP-aware list, there will be questions, and sometimes ridicule. Sometimes this is an opportunity for education, sometimes it's just not worth the trouble. 3. Using PGP may attract the unwelcome attention of hostile local or foreign governments, or possibly other armed thugs. 4. "It's too hard." -rich
participants (4)
-
Bruce Baugh -
dlv@bwalk.dm.com -
ichudov@algebra.com -
Just Rich