From: Rich Salz <rsalz@osf.org>
Date: Wed, 4 Oct 95 16:18:36 PDT
To: owner-cypherpunks@toad.com
Subject: Re: FORGED CANCELS of posts on n.a.n-a.m
Message-ID: <9510042317.AA14344@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


>If the cancel cannot be authenticated (e.g., because the original article lacks
>the "Cancel-lock: M2" header, or the cancel lacks the "Cancel-key: M1" header
>such that H(M1)=M2), then INN should forward the unauthenticated cancel to one
>or more "collection centers" so the author of the original article may be
>notified.

So if 70% of Usenet follows this scheme a handful of forged cancels can easily
cause melt down.

>Each "collection center" deamon should wake up periodically (say, every hour),
>group the collected unauthenticated cancels by message-ids of the cancelled
>articles, and e-mail the (distinct) addresses (other than "usenet@*" or
>"news@*") mentioned in the "From:", "Sender:", "Authorized:", and
>"X-Cancelled-By:" headers, quoting the unauthenticated cancel and the Path's as
>seen at many different sites that forwarded the cancels. This way, if the
>unauthenticated cancel is indeed forged, its author will see within hours that
>it has been fraudulently cancelled _and_ will automatically receive enough
>"Path:" samples from all over the world to see where it was posted, by
>comparing the "Path:" headers in several forwarded copies.

I can post a handful of articles and forge the From line, and create my
own Cancel-lock headers by "rolling the dice."  I can then get their mailbox
bombed by forging cancels.  A little more complicated then "sendsys-bombing"
but not much more so.
	/r$