Yesterday the PGP Moose Checking Daemon did its first automatic cancellation. The offending message lasted less than a second. For some months I've been working on some scripts collectively called "the PGP Moose", which are intended to cryptographically authenticate news postings, and send notifications or cancellations when postings fail the authentication. This message is to announce that the moderators' and users' end of the software seems to be ready to go, and I'm looking for testers who have a better and more complete newsfeed than I to cooperate with running the cancelling daemon part of it. Both parts are tested to the best of my ability. The aim of this software is to monitor the news postings of moderators of USENET newsgroups, and to automatically cancel forged messages purporting to be approved. This can be extended to the approvals of individual users to automatically cancel messages that appear without having been authorised by the user. This has (obviously) been prompted by the recent spammings and other events. This software and protocol is designed around cryptographic signatures. The protocol is designed to allow the use of different signature techniques. This implemention assumes the use of PGP signatures, but can be easily modified to use others, such as the Digital Signature Standard. PGP was chosen for its widespread availability around the world. Basically, there is a script you run which inserts a special header based on a PGP signature of the important parts of the article. When an article arrives at a site running the PGP Moose Checking Daemon, the existence and correctness of this special header are checked, and either someone is notified or the article is cancelled. PGP, the crux of the cryptographic software, was written by Phil Zimmermann <prz@acm.org>, who otherwise has nothing to do with this. The cryptographic framework was written by me <Greg_Rose@sydney.sterling.com>, as were the INN news system hooks. The <A HREF=http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html>README</A> is available for browsing, so I won't post it here, but I will happily send it (or the scripts) to people who can't get it easily on the Web. -- Greg Rose INTERNET: greg_rose@sydney.sterling.com Sterling Software VOICE: +61-2-9975 4777 FAX: +61-2-9975 2921 28 Rodborough Rd. http://www.sydney.sterling.com:8080/~ggr French's Forest 35 0A 79 7D 5E 21 8D 47 E3 53 75 66 AC FB D9 45 NSW 2086 Australia. co-mod sci.crypt.research, USENIX Director.