From: bogstad@news.cs.jhu.edu (Bill Bogstad)
Date: Sun, 8 Oct 95 09:00:25 PDT
To: cypherpunks@toad.com
Subject: Re: Rethinking the utility of netnews "cancel" control messages
In-Reply-To: <v02110105ac99c03922dd@[204.179.132.4]>
Message-ID: <458sie$r41@blaze.cs.jhu.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <v02110105ac99c03922dd@[204.179.132.4]>,
Erik E. Fair <fair@clock.org> wrote:
>At 9:50 10/5/95, Rich Salz wrote:
>>Cancel/Supercede is a useful model -- architecting them out of Usenet
>>is a very bad idea.  Ask Clarinet.
>
>Is it? The principal effects of not having the mechanism is a slightly
>higher disk storage requirement for netnews - something completely unheard
>of in the annals of USENET.
>
>The downsides of having the mechanism (especially unauthenticated) we see
>now: official and unofficial squelching of articles that someone doesn't
>like for whatever arbitrary or situational reason.

	There is another benefit to the current system which is being
ignored.  That is, it allows for the removal of unauthorized postings.
Posting of copyrighted materials without authorization does occur and I
think the current cancel mechanism (with its lack of authentication) is an
important safety valve for dealing with irate copyright holders.  I can't
say that the disadvantages of the current spoofable cancel system don't
outweigh this benefit, but I think that any system designed to replace it
should include this capability.  Someone asked the question if one was a
librarian/archivist would/should they honor cancels.  Under the circumstances
I describe, I think they have to do so.

	Rather then eliminate cancels, I think a general authentication
system for all USENET posts makes more sense.  The news system itself
doesn't need to authenticate general posts.  That can be left up to the
decision of the individual reader.  In most case, I don't care as a news
reader if the real 'Erik Fair' posted this message.  It can stand on its own
merits.  In the case of cancels, as a news administrator I probably want to
restrict them to the original poster and a small set of authorized agents.
With new group and remove group messages, I probably want to only have a
small set of agents for the 'big seven' hierarchies and perhaps others.  I
see no downside to standardizing on a mechanism for including authentication
in news posts as long as we allow the user and site administrator to make
the decision about whether to pay attention to the authenticity of a
message.  Those who want the current system will set up the authentication
system to always say 'yes'.  Those who want to eliminate cancels can setup
the authentication module so it always says 'no'.  I would setup my system
somewhere in between these extremes.

				Bill Bogstad
				bogstad@cs.jhu.edu