North American Network Operators Group


Re: Hold on to your news servers

  • From: Dean Anderson
  • Date: Fri Nov 13 19:25:46 1998

Sheesh.  I'm getting tired of increasingly large logs of cancels and
reposts. I think we should start treating all cancels that are sent out by
someone who is not a moderator or the original poster as an abuse.

Anyone who cancels someone else's post who is not a moderator or the
original poster should lose their account/job at ISP/etc.

So let's start sending in complaints...

		--Dean


At 02:20 PM 11/13/1998 -0500, Jeff Garzik wrote:
>
>
>Hey guys, this is a heads-up about Karl Denninger's new clean-news
>system.  I haven't seen any posts on this list about it.  His message
>describing the implementation is attached below, posted "publicly" on
>chi.internet.  (skip the quoted stuff)
>
>Karl is about to send out cancel messages, cancelling _every_ Usenet
>binary that is not PGP-signed by someone registered with his system.
>He says that these cancels will only go out to people he explicitly
>peers with, and not Usenet at large.  He then adds that what these
>peers do with the cancel msgs is their own business.
>
>Folks, the goal is good, but the implementation is bad.
>
>These cancel msgs will leak out to Usenet at large.  History proves
>this; leaking of net.*, bofh.*, clari.*, etc. occurs all the time
>despite admins' best efforts.
>
>And when these cancels leak, every news server on Usenet will
>* suddenly be receiving _thousands_ of additional cancels, and
>* 99.9999% of the binaries out there will disappear from your servers.
>
>I do not want to be handling the support calls when this occurs.
>
>If you are interested in this issue, there is a discussion on
>news.admin.net-abuse.usenet, thread "Karl Denninger loses his marbles..."
>
>Or ask me, I'm more than happy to outline the technical ramifications
>of this, and why it's a bad idea, in more detail.  I'll cut and paste
>from my e-mails to Karl.  :)
>
>	Jeff
>	(news admin/consultant)
>
>
>
>P.S. Had mailer problems.  Apologies if you are seeing this twice.
>
>
>
>
>Path: news.teleport.com!uunet!in3.uu.net!nntp.ntr.net!news.maxwell.syr.edu!news-xfer.newsread.com!netaxs.com!newsread.com!news.mcs.net!ddsw1!news.mcs.net!not-for-mail
>From: [email protected] (Karl Denninger)
>Newsgroups: chi.internet
>Subject: Re: MegsInet Newsgroup server
>Date: 12 Nov 1998 03:59:06 GMT
>Organization: Karls Sushi and Packet Smashers
>Message-ID: <[email protected]>
>References: <[email protected]> <[email protected]>
>NNTP-Posting-Host: kdhome-2.pr.mcs.net
>X-Newsreader: trn 4.0-test69 (20 September 1998)
>Xref: news.teleport.com chi.internet:17477
>
>In article <[email protected]>,
>Tommy the Terrorist  <[email protected]> wrote:
>>In article <[email protected]> Clifton T. Sharp Jr.,
>>[email protected] writes:
>>>There were some problems of late. One notable thing from the statistics
>>>is that we weren't getting our usual hundreds of thousands of articles
>>>from the MCI feed. Since C&W bought MCI's internet stuff, it seems like
>>>anything associated with the former MCI has gone straight to hell. It
>>>looks to me that as of now the problems are fixed; the newsgroups I follow
>>>have suddenly found hundreds of articles apiece.
>>
>>Who's kidding who?  I presume you guys have heard of a certain asshole in
>>New York government (what a redundancy!) named Vacco?  Presumably the
>>problem is the collective flushing of digital toilets now that ISP's have
>>become the new hunting ground for Evil Substances, etc.
>>
>>The problem with this particular war is that nothing short of a total
>>victory for the people, to keep anything and everything on ISP's, can
>>possibly prevent the state aggressors from eating away at free forums of
>>communications as fast as they can have their pet narks post child
>>pornography (with impunity) to anywhere they want the police to
>>"legitimately" attack and destroy.  And if that happens, then the last
>>permitted forum of free speech in America, or damn near anywhere else, is
>>dead, and the only hope of humanity for political progress will be in
>>violence so unrestrained and universal that the smallest and weakest of
>>people have an equal power of destruction because it is unlimited for
>>all.  And that is what inevitably will happen, unless something worse
>>happens.
>
>Read this.  It solves the problem.
>
>And yes, this system WILL be going online.  The software is already working.
>
>
>
>The "Clean-News" System 
>=======================
>
>ABSTRACT:
>
>"Clean-News" is a means to identify the poster of binary data
>on Usenet, remove most illegal content, and create a presumption of
>accountability.
>
>
>IMPLEMENTATION - USER SIDE:
>
>The "Clean-News" servers will have a key-ring of PGP keys.  Anyone wanting 
>to post "unmolested" binaries does the following:
>
>1.	Creates a PGP key for either 2.6.2 or 5.0 of the PGP software.
>
>2.	Obtains, from the www.clean-news.org web site, a list of authorized
>	signers of their PGP key.
>
>3.	Contacts one of those signers, follows their procedures (which may
>	include the payment of a fee), produces appropriate identification
>	demanded by that signer, and gets their public key *signed* by that
>	organization or individual.  That is, the signer *vouches* for the
>	authenticity of the key; that it belongs to the person who claims
>	to be represented, that the email address associated with it is
>	valid, and creates and maintains appropriate records to back up
>	that assertion.
>
>4.	Submits the SIGNED key to the clean-news.org system.
>
>This database (of signed keys) is PUBLIC.  Anyone can query it given an
>article which is signed by said key and obtain the name, email address,
>AND SIGNER of the key in question.
>
>The person with the private key associated with the signed, public key
>is then free to post binaries on Usenet, and clean-news will not molest
>them.
>
>
>IMPLEMENTATION - SERVER SIDE:
>
>The "clean-news" system obtains a feed from major backbone sites.  It
>accepts all articles sent to it and maintains no database.  It speaks 
>both the older "ihave" protocol as well as the "check/takethis" newer 
>NNTP protocol.  
>
>Upon receipt of an article, the software checks to see if the posting
>contains binary data.  It looks for common encoding formats - UUENCODE
>and MIME image data, primarily.  
>
>Textual messages are ignored.
>
>Binary messages are run through the PGP software, and the output of
>the PGP verification process is read back.  This process returns one
>of several results:
>
>1.	No signature on the file at all.
>
>2.	A signature is on the file, but the key ID is not known.
>
>3.	A signature is on the file, and the key is known, but it is
>	not certified as "trusted".
>
>4.	A signature is on the file, is valid, and the key is both
>	known and has a level of trust associated with it.
>
>In cases 1 - 3, the clean-news system emits a cancel message for the article
>in question immediately upon receipt.  It does this by following the
>convention established for NOCEMs and other "spam cancels"; that is, it
>prepends "cancel." to the Message ID, and emits the cancel with this
>synthetic message Id.  It also returns the posting with the system
>identification "clean-news" in the PATH line to permit aliasing out
>of the clean-news feed by those site admins who do not want the cancels.
>
>In case 4, the binary is ignored, as textual messages are.
>
>
>IMPLICATIONS - USENET SITE ADMINS READ THIS:
>
>1.	If you DO NOT want the "Clean-News" cancels, you should alias out
>	the site "clean-news" from your Usenet software.  Note that doing
>	this will REMOVE any presumption that you would otherwise gain
>	by ACCEPTING this feed.
>
>2.	If you DO want the "Clean-News" cancels, then do nothing, and 
>	further, contact your upstream News peers and ensure that THEY
>	are not aliasing out the feed.
>
>3.	If you CANNOT obtain these cancels (because all your upstreams
>	are aliasing them out), or if you want the BEST possible feed,
>	contact [email protected] by email.  You will receive in
>	response an automated email detailing how to obtain a direct 
>	feed of the clean-news cancels.
>
>	Note that this feed is rather low in volume - while it emits 
>	MANY cancels, they are small articles.  You MUST BE able to 
>	keep up with this feed - the feed software will NOT keep 
>	articles for more than a few hours before it "junks" them.
>	The feed will come to you via a Diablo feed system and is 
>	UNIDIRECTIONAL.  Attempting to connect back to the Diablo
>	machine will fail.
>
>4.	If you want to pass these cancels on to your PEERS, be advised
>	that some of them may consider this service to be a "bad thing".
>	I recommend, but obviously cannot enforce, that such is noticed
>	to your peers so they may alias out the feed if they do not 
>	want it.
>
>
>
>WHAT DOES THIS MEAN TO POSTERS:
>
>1.	The use of a valid key creates a *presumption*, but not proof, 
>	that the poster really is who they said they are.  That is, enough 
>	to get a search warrant.  If Kiddie Porn shows up with a signature, 
>	the TRUSTED SIGNER of the key is determinable.  That signer must,
>	to be considered a trusted signer, keep records suitable for
>	interrogation based on a published policy (ie: "serve us with a
>	subpoena", etc).
>
>	The LEO in question then asks the signer for the data, and complies
>	with the policy they have set (which may include obtaining a warrant
>	and/or subpoena).  They then get a search warrant for the alleged
>	perpetrator of the transmission, and see if in fact the material
>	in question is being emitted there using standard forensic
>	techniques.
>
>2.	LEGITIMATE binary posters have nothing to fear.  Anonymous binaries 
>	get cancelled instantly, as do any which are unauthenticated.  
>	Those which ARE authenticated are free to be posted, but your 
>	identity is known, it's undeniably yours (since it WAS your private 
>	key used to sign the article) and if you post something "naughty" 
>	the LEOs have all they need to come after you.
>
>
>
>WHAT ARE MY RESPONSIBILITIES AS A USER OF THIS SYSTEM WHO SUBMITS A KEY?
>
>Your primary responsibility is to PROTECT YOUR PRIVATE KEY.  It is
>*STRONGLY* recommended that you keep this key on a protected, safe,
>removable device (such as a floppy with write-protect enabled) and NOT 
>let it out of your personal control.
>
>If your PRIVATE key is COMPROMISED (ie: you lose the disk, you have reason 
>to believe someone has stolen a copy of the key file, etc) you should
>IMMEDIATELY contact the introducer (the organization or person you had sign
>the key) *AND* the clean-news system at "[email protected]" by email.
>When you contact the clean-news system, SIGN YOUR REVOCATION REQUEST.
>DO NOT send anything other than a revocation request to the above address.
>NOTE THAT REVOCATION OF A KEY IS PERMANENT AND CANNOT BE REVERSED.
>You should ALSO immediately revoke the key from any other key rings 
>that you may have registered this key with.
>
>Note that ANY message signed with your key will be PRESUMED to be issued
>by you *PERSONALLY*.  For this reason you should take EXTREME care with
>your private key.  If it is stolen and used for illicit purposes those
>transactions will be traced to *YOU*, and you could find yourself under
>investigation by either civil or criminal authorities for something you 
>have not done.
>
>
>
>HOW DO YOU REVOKE A KEY IF IT IS COMPROMISED?
>
>Keys may be revoked by:
>
>1.	The person who owns it at any time (ie; "I lost my key disk").
>
>2.	Any LEO who provides an affidavit that said key was used to
>	post copyrighted or otherwise illegal material.  
>
>3.	Any LEO who provides an affidavit that a trusted introducer
>	is not in fact trusted (ie: cannot produce the records, or produces
>	false records, regarding a key they signed).
>
>4.	A trusted introducer may revoke their signature of any person's key 
>	that they have signed, in the event they discover that the key does 
>	not in fact belong to the person claimed or identification was
>	falsified.
>
>When a key is invalidated the owner of the key is notified by email that 
>their key was removed, and why (which of the above categories "happened").
>
>A cancelled or revoked key is removed from the key ring, and is treated
>exactly as if it was never submitted to the system.
>
>To revoke a key as the owner of the key, send a PGP-signed request
>to "[email protected]".  IF THE REQUEST IS NOT SIGNED OR THE SIGNATURE
>IS INVALID IT WILL BE IGNORED.  Assuming that the signature is good, you 
>will be notified by return email when the revocation is processed.
>
>
>
>
>IS THERE A COST FOR THIS?
>
>1.	Individuals do not pay to list keys.  However, INTRODUCERS may 
>	charge for signing a key (at their discretion) and maintaining 
>	the records necessary to comply with identification requests.
>
>2.	Systems desiring a *direct* feed may be assessed a small charge
>	to cover the operating expenses of the systems involved.  NO CHARGE
>	FOR THE FEED ITSELF IS MADE, NOR FOR THE PROCESSING - ONLY THE
>	TRANSPORT.  If you receive a feed of the cancels you are encouraged
>	to propagate it to others on mutually-agreeable terms to others
>	who are also willing to receive it.
>
>
>
>WHAT ABOUT PRIVACY ISSUES?
>
>1.	The records of the clean-news system are EXPLICITLY public.  
>	Ergo, submitting a public key to the system constitutes 
>	publication of that key, and the fact that it is signed by one
>	or more organizations and individuals.  HOWEVER, that, alone, is
>	worthless to an interloper.  The email address on the key does NOT
>	have to be valid, nor does the name - it must only map to a unique
>	person at the SIGNER'S location which can be disclosed through
>	their policies.  As such, there is no privacy issue on the keyring
>	used by the clean-news system ITSELF.
>
>2.	Customers and users who have their keys signed by an introducer
>	should make themselves aware of the privacy policies of the signer.
>	IF YOU ARE NOT COMFORTABLE WITH THEIR PROCEDURES AND ASSURANCES, YOU
>	SHOULD USE A DIFFERENT KEY SIGNER!
>
>--
>-- 
>Karl Denninger ([email protected]) http://www.mcs.net/~karl
>I ain't even *authorized* to speak for anyone other than myself, so give
>up now on trying to associate my words with any particular organization.
>
>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  [email protected]
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
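The server-side decision flow Karl's quoted post lays out (binary detection, the four verification outcomes, a synthetic cancel with "cancel." prepended to the Message-ID and "clean-news" in Path) and the receiving-side Path alias that site admins are told to use can be modelled in a few dozen lines. The block below is an added example, not clean-news code and not anything posted in this thread. It assumes: a simplified article format (headers, blank line, body); an HMAC-SHA256 stand-in for PGP verification so it runs offline, with a toy two-key keyring in place of the signed-key database; a hypothetical X-Sig header carrying the key ID and digest; and a placeholder sender address on the cancel. A fifth outcome, "signature present but does not verify", is added because the post's case 4 requires a valid signature and such an article can only ever be cancelled.

```python
import hashlib
import hmac
import re

# Constructed toy keyring standing in for the PGP key-ring the post describes.
# key_id -> (shared secret for the HMAC stand-in, trust level). PGP itself is
# replaced by HMAC-SHA256 here only so the example runs offline.
KEYRING = {
    "0xDEADBEEF": (b"introducer-signed-secret", "trusted"),   # case 4 key
    "0x0BADF00D": (b"self-signed-secret", "untrusted"),       # case 3 key
}

# The four verification outcomes enumerated in the post, plus a fifth (0) for a
# signature that does not verify; that one is not in the post and is an addition.
NO_SIGNATURE, UNKNOWN_KEY, UNTRUSTED_KEY, VALID_TRUSTED, BAD_SIGNATURE = 1, 2, 3, 4, 0

UUENCODE_RE = re.compile(r"^begin [0-7]{3} \S", re.M)


def parse_article(raw):
    """Split an article into (headers, body); header names are lowercased."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def is_binary(headers, body):
    """Crude binary detection, as in the post: uuencode 'begin' line or MIME image."""
    if headers.get("content-type", "").lower().startswith("image/"):
        return True
    return bool(UUENCODE_RE.search(body))


def sign(body, key_id):
    """Poster side: produce the value of the hypothetical X-Sig header."""
    secret, _ = KEYRING[key_id]
    return f"{key_id} {hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()}"


def verify(headers, body):
    """Stand-in for 'run through PGP and read the result back'."""
    sig = headers.get("x-sig")
    if not sig:
        return NO_SIGNATURE
    key_id, _, digest = sig.partition(" ")
    if key_id not in KEYRING:
        return UNKNOWN_KEY
    secret, trust = KEYRING[key_id]
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, digest):
        return BAD_SIGNATURE
    return VALID_TRUSTED if trust == "trusted" else UNTRUSTED_KEY


def make_cancel(headers):
    """Synthetic cancel as the post describes: 'cancel.' prepended to the target
    Message-ID, and 'clean-news' in Path so sites can alias the feed out."""
    msgid = headers["message-id"]                      # e.g. <a1@example.net>
    local, at, host = msgid.strip("<>").partition("@")
    return "\n".join([
        "Path: clean-news!not-for-mail",
        "From: clean-news@example.org",                # placeholder sender address
        f"Newsgroups: {headers['newsgroups']}",
        f"Subject: cmsg cancel {msgid}",
        f"Control: cancel {msgid}",
        f"Message-ID: <cancel.{local}{at}{host}>",
        "",
        "Unauthenticated binary cancelled by clean-news.",
    ])


def process(raw):
    """Server side: return a cancel article for cases 0-3, None for text or case 4."""
    headers, body = parse_article(raw)
    if not is_binary(headers, body):
        return None                      # textual messages are ignored
    if verify(headers, body) == VALID_TRUSTED:
        return None                      # case 4: the binary is ignored like text
    return make_cancel(headers)


def aliased_out(raw, alias="clean-news"):
    """Receiving site: an article whose Path already names the alias is refused,
    which is how a site that does not want the cancels drops them."""
    headers, _ = parse_article(raw)
    return alias in headers.get("path", "").split("!")


# Constructed sample articles (not real Usenet traffic).
UU_BODY = "begin 644 photo.jpg\nM_]C_X0002D9)1@,!,0$,8,!@,,#_VP!#,,@&!@<&!0@'\nend\n"


def article(msgid, body, sig=None):
    hdrs = ["Path: news.example.net!not-for-mail", "From: poster@example.net",
            "Newsgroups: alt.binaries.test", "Subject: test", f"Message-ID: {msgid}"]
    if sig:
        hdrs.append(f"X-Sig: {sig}")
    return "\n".join(hdrs) + "\n\n" + body


if __name__ == "__main__":
    print(process(article("<a1@example.net>", UU_BODY)))                              # case 1: cancel
    print(process(article("<a2@example.net>", UU_BODY, sign(UU_BODY, "0xDEADBEEF"))))  # case 4: None
```

Two things worth noticing when running it. The verification step decides only whether to cancel; it never holds or alters the article, which is why the post can claim the server keeps no database. And the receiving-side defence is nothing more than a string match on Path: it refuses a cancel only while that cancel still carries "clean-news" in its Path, so it helps exactly as far as every copy that reaches you arrived over the advertised feed and not by some other route.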