The Difficulty of Source Level Blocking

Theodore Ts'o tytso at ATHENA.MIT.EDU
Tue Feb 15 18:59:47 PST 1994


   Date: Tue, 15 Feb 94 17:11:34 -0800
   From: hughes at ah.com (Eric Hughes)

   To summarize the specifics of Ted's proposal:
     1. mail to a central site is accessed by internet client
     2. moderators vote +/-/0/not now
     3. threshold weighting + and -
     4. selection of moderators left open
     5. security of approved header left open

   I had thought of using email to distribute articles to the moderator,
   but one might just as easily use NNTP.  The modified newsreader could
   be pointed at the restricted-to-moderators NNTP site.  NNTP might not
   even need extension, if the existing authentication procedures can be
   hacked to work.  Votes/ratings can be in the form of articles posted
   to a .votes or .ratings group.

I wouldn't do it that way.  There's too much overhead involved in
talking to the .votes or .ratings group.  I'd instead extend the NNTP
protocol with a "XVOTE" command, which can take the arguments "yes" or
"no"; this way, the server code is much simpler.  The client code won't
be that bad --- it would be pretty easy to modify gnus to do the right
thing.  It will be important to have real authentication to that central
site, though; password stealing is all too common these days.

   Later protocols could be developed to get rid of the hazards of single
   central sites.  This central site is only for each newsgroup, though,
   not the whole system.

I wouldn't worry about the "hazards of the single central server" for
quite a while, precisely because it is only for each newsgroup.  I'd
imagine that the number of people that would be moderating a newsgroup
would be relatively small.

   I wouldn't worry about forged Approved: headers right now.  That bit
   of usenet will take major public key surgery to fix.  I don't think it
   will happen until the RSA patents expire.

Actually, it might not be that hard to fix.  Consider an additional
header line which contains the signature of selected header fields (say,
the message-id, the date, the from field, and the subject).  I doubt
that a news systems would ever verify the signature while they are
accepting mail --- that would slow down the news throughput
unacceptablely throughout the system --- but one can imagine an
"auto-cancellation" system installed on a few key sites that would send
out cancel message for any article a "new moderated group" that didn't
have a valid signature on it.  That way, you don't even need to get the
signature validation software running on all sites; indeed, most sites
wouldn't need to upgrade their software at all, which is a major point.

One problem that hasn't been addressed is the social one: how do people
choose moderators?  The only method we currently have involves
conducting a Usenet vote, which tends to be a long and cumbersome
process.  Any other one, unfortunately, tends to bring up cries of
"Usenet cabal" very quickly.  The one exception is the "anyone can be a
moderator"; but that will only stop the newbie poster --- it won't stop
a determined attacker.



						- Ted







More information about the cypherpunks-legacy mailing list