Mainstreaming PGP on Usenet

Igor Chudov @ home ichudov at algebra.com
Tue Mar 5 05:42:23 PST 1996


-----BEGIN PGP SIGNED MESSAGE-----

To: dlv at bwalk.dm.com (Dr. Dimitri Vulis)
Cc: cypherpunks at toad.com
Subject: Re: Mainstreaming PGP on Usenet

Dr. Dimitri Vulis wrote:
> 
> ichudov at algebra.com (Igor Chudov @ home) writes:
> > Dr. Dimitri Vulis wrote:
> > > One issue that hasn't been addressed by the s.c.r.m robomod is the
> > > possibility of persistent nyms: that is, Alice D. Nonymous somehow makes
> > > her public key known to the robomod; and later if someone submits an articl
> > > via some anon remailer claiming to be hers, it would be rejected if the
> > > signature doesn't check. Of course, her true submissions would be accepted
> > > from any remailer. How could such protocol be implemented?
> >
> > We see no problem with user posting under pseudonyms, as long as they do
> > not try to pretend to be other real people and do not constantly mutate,
> > and submit their messages to the robomoderator for consideration.
> 
> On the contrary, I was thinking of a situation when a person is posting through
> an anonymous remailer, yet wishes to establish a persistent nym that can't be
> impersonated. E.g., someone may submit articles via remailers (different every
> time) and have a signature 'Alice D. N.'; what's to prevent someone else from
> submitting an article and also signing it 'Alice D. N.'?
> 
> I was thinking of allowing the user to add a 'From: <nym>' in the first
> paragraph of the PGP-signed block. To establish the nym, Alice would first
> post her public key under the name of Alice; then she would post things like
> 
> From: remailer at somewhere
> 
> -- begin pgp signed msg
> 
> From: Alice
> 
> ...
> 
> This would also address the problem of someone's misconfigured system where
> his submissions appear to come from moron at camelot.ptu.edu or
> moron at pendragon.ptu.edu or some other random hostname.
> 

As far as I understand, the problem boils down to this:

   Nym users want to have an identity (belief of other users that
   a set of articles originating from many anonymous addresses were in
   fact written by one person). At the same time, we want to prevent
   users who do not have a permanent return address from using
   addresses of other persons.

One of the problems with allowing users to specify return addresses in
the letters is a possibility of forgery: what if
Mallory at evil-services.com posts a MAKE MONEY FAST message, and specifies
that her "From: " address should be Popugaev at get_high.edu? Such posting
could get Mr. Popugaev in trouble.

Maybe the following rewriting rule may be a good compromise between
functionality and security, for PGP signed messages:

1. Original "From: " address is rewritten as "X-Origin" or some such.

2. "From:" address is always set to the main user ID of the PGP key that
was in the signature.

3. For "Reply-To: " we use "Reply-To: ", if it is present, then we try
"From: ", and if "From: " is not present, "Reply-To: " is not set.

4. If "Subject: ", "Date: ", "Message-ID: ", or "Newsgroups: " is
present on the block of pseudo-headers starting with the first line of
the text, use them instead of trusting the headers of an email.

This way, we achieve the following results: 

1. Positive and reliable identification of users is possible to every
reader of soc.culture.russian.moderated, not only to moderators;

2. Users gain additional protection from man-in-the-middle attacks by
using well protected pseudo-headers withing PGP signed blocks; they
cannot misuse this feature by lying about who they are;

3. Those who do not want to bother do not have to;

4. People with misconfigured email addresses may have at least
some address field ("From: ") set correctly.

5. Nyms can post freely through any anon remailers and always have their
identity show up in the "From: " field, even if remailers do not allow
users to specify their identity at all.

Note that I agree that we need to have a database of MD5 checksums of all
submissions and carefully process duplicates.

What do you think?

	- Igor.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMTvi6MJFmFyXKPzRAQGEMQP8C4V9gCs5REc5hez0gRP7bXn9NGV5S/6l
fxJo4SPmCBdWxn+msLxchbrho/hlhcUMaPuswcnacgrqEAyd1H4yIiMyZ1s6z06e
0q6WQ8QUy/E1nrc4lCSXKUBYB8MV/SGlynxxq3X9T2eF2lmnoArWj4QpfcVgk9RR
HvcvpK3GWuA=
=OXCv
-----END PGP SIGNATURE-----






More information about the cypherpunks-legacy mailing list