1995-10-09 - PGP Moose anti-spam authentication ready to go

Header Data

From: Greg_Rose@sibelius.sydney.sterling.com (Greg ROSE)
To: crypt-request@cs.aukuni.ac.nz
Message Hash: 83aa5cbb917d06531188620ac921300c774e41cacc030e784d533700e98afe14
Message ID: <9510090642.AA41873@paganini.sydney.sterling.com>
Reply To: N/A
UTC Datetime: 1995-10-09 06:41:08 UTC
Raw Date: Sun, 8 Oct 95 23:41:08 PDT

Raw message

From: Greg_Rose@sibelius.sydney.sterling.com (Greg ROSE)
Date: Sun, 8 Oct 95 23:41:08 PDT
To: crypt-request@cs.aukuni.ac.nz
Subject: PGP Moose anti-spam authentication ready to go
Message-ID: <9510090642.AA41873@paganini.sydney.sterling.com>
MIME-Version: 1.0
Content-Type: text/plain



Yesterday the PGP Moose Checking Daemon did its
first automatic cancellation. The offending message
lasted less than a second.

For some months I've been working on some scripts
collectively called "the PGP Moose", which are
intended to cryptographically authenticate news
postings, and send notifications or cancellations
when postings fail the authentication. This message
is to announce that the moderators' and users' end
of the software seems to be ready to go, and I'm
looking for testers who have a better and more
complete newsfeed than I to cooperate with running
the cancelling daemon part of it. Both parts are
tested to the best of my ability.

The aim of this software is to monitor the news
postings of moderators of USENET newsgroups, and to
automatically cancel forged messages purporting to
be approved.  This can be extended to the approvals
of individual users to automatically cancel messages
that appear without having been authorised by the
user. This has (obviously) been prompted by the
recent spammings and other events.

This software and protocol is designed around
cryptographic signatures.  The protocol is designed
to allow the use of different signature techniques.
This implemention assumes the use of PGP signatures,
but can be easily modified to use others, such as
the Digital Signature Standard.  PGP was chosen for
its widespread availability around the world.

Basically, there is a script you run which
inserts a special header based on a PGP signature
of the important parts of the article. When an
article arrives at a site running the PGP Moose
Checking Daemon, the existence and correctness
of this special header are checked, and either
someone is notified or the article is cancelled.

PGP, the crux of the cryptographic software, was
written by Phil Zimmermann <prz@acm.org>, who
otherwise has nothing to do with this. The cryptographic
framework was written by me <Greg_Rose@sydney.sterling.com>,
as were the INN news system hooks.

The <A
HREF=http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html>README</A>
is available for browsing, so I won't post it here,
but I will happily send it (or the scripts) to people
who can't get it easily on the Web.

-- 
Greg Rose               INTERNET: greg_rose@sydney.sterling.com  
Sterling Software       VOICE:  +61-2-9975 4777    FAX:  +61-2-9975 2921
28 Rodborough Rd.       http://www.sydney.sterling.com:8080/~ggr
French's Forest         35 0A 79 7D 5E 21 8D 47  E3 53 75 66 AC FB D9 45
NSW 2086 Australia.     co-mod sci.crypt.research, USENIX Director.





Thread