From: tytso@ATHENA.MIT.EDU (Theodore Ts’o)
To: hughes@ah.com
Message Hash: 58a4534f664bd86ef6b9d9c9eac492b1a7779aa3e4cc2963d2cf873ad04bebce
Message ID: <9402160252.AA11179@tsx-11.MIT.EDU>
Reply To: <9402160111.AA23661@ah.com>
UTC Datetime: 1994-02-16 02:59:47 UTC
Raw Date: Tue, 15 Feb 94 18:59:47 PST
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Date: Tue, 15 Feb 94 18:59:47 PST
To: hughes@ah.com
Subject: Re: The Difficulty of Source Level Blocking
In-Reply-To: <9402160111.AA23661@ah.com>
Message-ID: <9402160252.AA11179@tsx-11.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain
Date: Tue, 15 Feb 94 17:11:34 -0800
From: hughes@ah.com (Eric Hughes)
To summarize the specifics of Ted's proposal:
1. mail to a central site is accessed by internet client
2. moderators vote +/-/0/not now
3. threshold weighting + and -
4. selection of moderators left open
5. security of approved header left open
I had thought of using email to distribute articles to the moderator,
but one might just as easily use NNTP. The modified newsreader could
be pointed at the restricted-to-moderators NNTP site. NNTP might not
even need extension, if the existing authentication procedures can be
hacked to work. Votes/ratings can be in the form of articles posted
to a .votes or .ratings group.
I wouldn't do it that way. There's too much overhead involved in
talking to the .votes or .ratings group. I'd instead extend the NNTP
protocol with a "XVOTE" command, which can take the arguments "yes" or
"no"; this way, the server code is much simpler. The client code won't
be that bad --- it would be pretty easy to modify gnus to do the right
thing. It will be important to have real authentication to that central
site, though; password stealing is all too common these days.
Later protocols could be developed to get rid of the hazards of single
central sites. This central site is only for each newsgroup, though,
not the whole system.
I wouldn't worry about the "hazards of the single central server" for
quite a while, precisely because it is only for each newsgroup. I'd
imagine that the number of people that would be moderating a newsgroup
would be relatively small.
I wouldn't worry about forged Approved: headers right now. That bit
of usenet will take major public key surgery to fix. I don't think it
will happen until the RSA patents expire.
Actually, it might not be that hard to fix. Consider an additional
header line which contains the signature of selected header fields (say,
the message-id, the date, the from field, and the subject). I doubt
that a news systems would ever verify the signature while they are
accepting mail --- that would slow down the news throughput
unacceptablely throughout the system --- but one can imagine an
"auto-cancellation" system installed on a few key sites that would send
out cancel message for any article a "new moderated group" that didn't
have a valid signature on it. That way, you don't even need to get the
signature validation software running on all sites; indeed, most sites
wouldn't need to upgrade their software at all, which is a major point.
One problem that hasn't been addressed is the social one: how do people
choose moderators? The only method we currently have involves
conducting a Usenet vote, which tends to be a long and cumbersome
process. Any other one, unfortunately, tends to bring up cries of
"Usenet cabal" very quickly. The one exception is the "anyone can be a
moderator"; but that will only stop the newbie poster --- it won't stop
a determined attacker.
- Ted
Return to February 1994
Return to ““W. Kinney” <kinney@bogart.Colorado.EDU>”