Integrating PGP 3.0 Library with INN
Hi,

Has anyone thought of integrating PGP 3.0 library with INN?

I was thinking along the lines of having PGPMoose support built right into INN: if an arriving article is posted to a moderated newsgroup for which a PGP key is available in the INN's keyring, INN verifies existence and correctness of a PGP signature. An article that fails this verification will be dropped.

Same thing can be used for authenticating newgroup and rmgroup messages, in the spirit of true freedom on usenet -- anyone would be sent _their own_ newgroups and rmgroups but no one will be impersonated.

For those not familiar with PGP Moose, it is a program that was written by Greg Rose. It is used for signing approvals on usenet articles. It takes message body, several important header fields, signs them with PGP and places the signatures in the headers, in order not to clobber the text.

If moderators choose short enough keys (512 bits for example), this verification will not take any significant amount of CPU time.

igor

On Mon, 5 Aug 1996, Igor Chudov wrote:
> Has anyone thought of integrating PGP 3.0 library with INN?

INN-1.5 will include a mechanism for PGP-authentication of control messages (newgroup, rmgroup, cancel, ...). My understanding is that ordinary (non-control) messages will not be authenticated at all by innd itself; that will still need to be done externally (by tools such as PGPMoose).

--apb (Alan Barrett)

Igor Chudov wrote:
| Has anyone thought of integrating PGP 3.0 library with INN?
|
| I was thinking along the lines of having PGPMoose support built
| right into INN: if an arriving article is posted to a moderated
| newsgroup for which a PGP key is available in the INN's keyring,
| INN verifies existence and correctness of a PGP signature.
| If moderators choose short enough keys (512 bits for example), this
| verification will not take any significant amount of CPU time.

It's my experience that at full feed sites, there isn't enough cpu to do this. A p-90 can get overwhelmed pretty easily trying to keep up with the load. Trying to look into the body of an article means at least a few hundred more ops per article.

You could do this on a leaf node. However, you cut the reliability of the system by adding things to go wrong. Better to have a scanner that checks specific moderated groups after INN has deposited the articles.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

Adam Shostack <adam@homeport.org> writes:
> Igor Chudov wrote:
> | Has anyone thought of integrating PGP 3.0 library with INN?
> |
> | I was thinking along the lines of having PGPMoose support built
> | right into INN: if an arriving article is posted to a moderated
> | newsgroup for which a PGP key is available in the INN's keyring,
> | INN verifies existence and correctness of a PGP signature.
> | If moderators choose short enough keys (512 bits for example), this
> | verification will not take any significant amount of CPU time.
>
> It's my experience that at full feed sites, there isn't enough cpu to do this. A p-90 can get overwhelmed pretty easily trying to keep up with the load. Trying to look into the body of an article means at least a few hundred more ops per article.
>
> You could do this on a leaf node. However, you cut the reliability of the system by adding things to go wrong. Better to have a scanner that checks specific moderated groups after INN has deposited the articles.

It's wasteful to run this checking at every Usenet node. It would be more efficient to run PGPMoose checking at a few trusted sites and have them issue NoCeMs for articles that fail the check.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

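Added example, not code from INN, PGPMoose or any participant in this thread: a post-delivery scanner of the kind discussed above, which checks stored articles for an approval that covers the body plus selected headers and lists the Message-IDs that fail. Assumptions: HMAC-SHA256 stands in for the PGP signature so the block runs with the standard library only, the header name `X-Approval-Sig` and the set of signed headers are hypothetical, and the group names, key and article are constructed.

```python
import hashlib
import hmac
from email import message_from_string

# Constructed stand-in for the keyring: moderated group -> key.
# HMAC-SHA256 stands in for the PGP signature (assumption, stdlib only).
KEYRING = {"comp.test.moderated": b"constructed-moderator-key"}
SIGNED_HEADERS = ("From", "Subject", "Newsgroups", "Message-ID")  # assumed set
AUTH_HEADER = "X-Approval-Sig"  # hypothetical header name


def signed_bytes(article):
    """Data covered by the approval: the chosen headers, then the body."""
    msg = message_from_string(article)
    body = article.partition("\n\n")[2]
    lines = [f"{h}: {msg.get(h, '')}" for h in SIGNED_HEADERS]
    return ("\n".join(lines) + "\n\n" + body).encode()


def approve(article, group):
    """Moderator side: prepend the approval header; the body is untouched."""
    tag = hmac.new(KEYRING[group], signed_bytes(article), hashlib.sha256)
    return f"{AUTH_HEADER}: {group} {tag.hexdigest()}\n{article}"


def check(article):
    """Scanner side: 'accept' or 'reject' for one stored article."""
    msg = message_from_string(article)
    groups = [g.strip() for g in msg.get("Newsgroups", "").split(",")]
    sigs = dict(v.split(None, 1) for v in msg.get_all(AUTH_HEADER, [])
                if len(v.split()) == 2)
    for group in groups:
        key = KEYRING.get(group)
        if key is None:
            continue  # no key on file: this group is not checked
        want = hmac.new(key, signed_bytes(article), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sigs.get(group, "").encode(), want.encode()):
            return "reject"  # missing or wrong approval for a keyed group
    return "accept"


def scan(spool):
    """Message-IDs of failing articles, e.g. as input for a NoCeM notice."""
    return [message_from_string(a)["Message-ID"] for a in spool
            if check(a) == "reject"]


# Constructed sample article.
ARTICLE = ("From: mod@example.org\nSubject: test\n"
           "Newsgroups: comp.test.moderated\n"
           "Message-ID: <1@example.org>\n\nHello.\n")
```

Because the Message-ID and Newsgroups headers are part of the signed data, an approval header copied onto a different article fails the check.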
participants (4)
- Adam Shostack
- Alan Barrett
- dlv@bwalk.dm.com
- ichudov@galaxy.galstar.com