1993-03-03 - Re: Piercing anonymitiy and censorship

Header Data

From: pmetzger@shearson.com (Perry E. Metzger)
To: tytso@athena.mit.edu
Message Hash: f848e54fab600a8ac0e7e6f028a48e7f36ffd3385dd26fa7d22a2ce0cc50fd87
Message ID: <9303030105.AA21682@maggie.shearson.com>
Reply To: N/A
UTC Datetime: 1993-03-03 03:46:10 UTC
Raw Date: Tue, 2 Mar 93 19:46:10 PST

Raw message

From: pmetzger@shearson.com (Perry E. Metzger)
Date: Tue, 2 Mar 93 19:46:10 PST
To: tytso@athena.mit.edu
Subject: Re: Piercing anonymitiy and censorship
Message-ID: <9303030105.AA21682@maggie.shearson.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: Theodore Ts'o <tytso@athena.mit.edu>
> 
>    Date: Tue, 2 Mar 93 14:15:15 EST
>    From: pmetzger@shearson.com (Perry E. Metzger)
> 
>    Of course there are ways -- and they need not be so drastic. You could,
>    for instance, simply prevent non-subscribers from posting to your list,
>    and use public key to verify identities. This would allow you to swiftly
>    stop abuse. I've already noted this twice. You've claimed this is impractical,
>    but the tools to do this, AND WITHOUT PATENT PROBLEMS, already exist and
>    would be cheap to implement.
> 
> If they are so cheap to implement them, could someone please implement
> them FOR THE USENET GROUPS?  (Where you don't have a concept of
> subscribers or non-subscribers?)

I don't have time Ted, I have really busy schedule. But, this is the
thumbnail of what you want.

1. Build a decent tool to handle the public key sigs on news format
message files and tell you if the file sender corresponds with
the signature -- a variant on RIPEM (more like a half hour hack) should
be able to do this.

2. Change the shell scripts handling incoming control messages inside
the news software to check signatures against a trusted list.

3. Set some scripts handling incoming moderated newsgroups that check
the signature against a trusted list.

4. Build a tool that checks that incoming signed messages correspond
with signatures stored in the signature database for the site, and
somehow flag non-authenticated or otherwise bogus signed messages.
Add a header line to give out this info so rn and other newsreaders can
nuke non-authenticated messages or what have you.

Sounds like this begins to give you a large fraction of what you want
without changing too much, and I bet its a few days of hacking. Its
primitive, but it seems like the right thing for a start and you can
take it from there. I specify keeping signatures on your news server and
checking them there to keep users from needing special new newsreaders and
to keep them from needing to run the signature code over and over again;
presumably they can trust their sysadmin and if they cant they can
get new tools so they don't have to.

> I here lots of *talk* of how easy it is to do this, or how easy it is to
> do that.  If it's so easy, why doesn't someone prove it to the rest of
> us by actually doing it.   I hate to bring the Real World down upon you
> guys, but talk is cheap; code sometimes isn't.

As I've said, I don't have time myself, but the above is really easy for
someone with a good knowledge of C News, RIPEM and the like. The hardest
part is handling a key database and doing key management since RIPEM has
no such provisions, but you can likely fix that. Then there is the issue
of getting RSA to permit your hacks to RIPEM to get out, which I suspect
they would. Okay, maybe not a few days, but certainly not much of a challenge
here and you have the start of the system we were talking about. Among
other things, it fixes forged control messages (presumably you
would leave cancel messages alone, but it could let you authenticate
newgroup and delgroups, which is a big problem), forged moderated messages,
and give you the start of what you would need to start ignoring unsigned
messages or messages from users you don't like on newsgroups. The
stuff for non-moderated newsgroups would be primitive, but it would be
a start and would let users have the option of deciding what they want
to do with non-authenticated messages.


Perry





Thread