1997-08-09 - Re: REPOST : Un-forgeable Cancels

Header Data

From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
To: cypherpunks@toad.com
Message Hash: 68928e43de8eeedfe3542d8f2b2cdbc57d9cc3e0266dd1baaf057f686455e879
Message ID: <L9D7ae93w165w@bwalk.dm.com>
Reply To: <12952.9708081327@misun2.mi.leeds.ac.uk>
UTC Datetime: 1997-08-09 16:31:56 UTC
Raw Date: Sat, 9 Aug 1997 09:31:56 -0700 (PDT)

Raw message

From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 9 Aug 1997 09:31:56 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: REPOST : Un-forgeable Cancels
In-Reply-To: <12952.9708081327@misun2.mi.leeds.ac.uk>
Message-ID: <L9D7ae93w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain


jbaber@mi.leeds.ac.uk writes:

> From what I can see (the full README is unavailable) PGPMoose is designed
> to Cancel messages in a moderated newsgroup that have not been approved by
> the moderator - by using PGP sigs to authenticate the approval.
>
> see http://people.qualcomm.com/ggr/pgpmoose.html

Given that Qualcomm employs Paul Pomes, who harrasses anonymous remailer
operators by complaining to their upstreams and employers, I advise you
to be wary of anything coming out of Qualcomm - like their Eudora mail reader.

> This could be modified for general cancels but would then involve PGPMoose
> having access to every authors Public Key.

A program that would search the news for articles that purport to be from
people who requested this service (and may be paying for it), verifying
their digital signatures, and issuing "hide" NoCeMs for the ones that fail
this check (possible forgeries) would be a good thing indeed and would
encurage the use of digital signatures.

As I pointed out before on the Cypherpunks list, signing only the body of
the article leaves one open to replay attacks: a forger can repost the
same signed article with new message-id and possible in new newsgroups.
Therefore at least both of these header fields need to be signed.

Perhaps the folks who participate in Brad Templeton's "son-of-rfc1036"
mailing list would like to propose a generaliaztion of the new headers
used by pgpmoose to sign the headers of an article together with it body.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps





Thread