North American Network Operators Group


Re: Hold on to your news servers

  • From: Derek Balling
  • Date: Fri Nov 13 22:18:46 1998

Yeah, since Karl's not "the boss" at MCS anymore, it would be kinda
amusing to have MCS get flooded with complaints that one of their
users (Karl) was abusing the network. :)

Wonder if that would be an appropriate use of the RBL? :)



On Fri, 13 Nov 1998, Dean Anderson wrote:

> Sheesh.  I'm getting tired of increasingly large logs of cancels and
> reposts. I think we should start treating all cancels that are sent out by
> someone who is not a moderator or the original poster as an abuse.
> 
> Anyone who cancels someone else's post who is not a moderator or the
> original poster should lose their account/job at ISP/etc.
> 
> So let's start sending in complaints...
> 
> 		--Dean
> 
> 
> At 02:20 PM 11/13/1998 -0500, Jeff Garzik wrote:
> >
> >
> >Hey guys, this is a heads-up about Karl Denninger's new clean-news
> >system.  I haven't seen any posts on this list about it.  His message
> >describing the implementation is attached below, posted "publicly" on
> >chi.internet.  (skip the quoted stuff)
> >
> >Karl is about to send out cancel messages, cancelling _every_ Usenet
> >binary that is not PGP-signed by someone registered with his system.
> >He says that these cancels will only go out to people he explicitly
> >peers with, and not Usenet at large.  He then adds that what these
> >peers do with the cancel msgs is their own business.
> >
> >Folks, the goal is good, but the implementation is bad.
> >
> >These cancel msgs will leak out to Usenet at large.  History proves
> >this; leaking of net.*, bofh.*, clari.*, etc. occurs all the time
> >despite admins' best efforts.
> >
> >And when these cancels leak, every news server on Usenet will
> >* suddenly be receiving _thousands_ of additional cancels, and
> >* 99.9999% of the binaries out there will disappear from your servers.
> >
> >I do not want to be handling the support calls when this occurs.
> >
> >If you are interested in this issue, there is a discussion on
> >news.admin.net-abuse.usenet, thread "Karl Denninger loses his marbles..."
> >
> >Or ask me, I'm more than happy to outline the technical ramifications
> >of this, and why it's a bad idea, in more detail.  I'll cut and paste
> >from my e-mails to Karl.  :)
> >
> >	Jeff
> >	(news admin/consultant)
> >
> >
> >
> >P.S. Had mailer problems.  Apologies if you are seeing this twice.
> >
> >
> >
> >
> >>Path: news.teleport.com!uunet!in3.uu.net!nntp.ntr.net!news.maxwell.syr.edu!news-xfer.newsread.com!netaxs.com!newsread.com!news.mcs.net!ddsw1!news.mcs.net!not-for-mail
> >>From: [email protected] (Karl Denninger)
> >Newsgroups: chi.internet
> >Subject: Re: MegsInet Newsgroup server
> >Date: 12 Nov 1998 03:59:06 GMT
> >Organization: Karls Sushi and Packet Smashers
> >Message-ID: <[email protected]>
> >References: <[email protected]> <[email protected]>
> >NNTP-Posting-Host: kdhome-2.pr.mcs.net
> >X-Newsreader: trn 4.0-test69 (20 September 1998)
> >Xref: news.teleport.com chi.internet:17477
> >
> >In article <[email protected]>,
> >Tommy the Terrorist  <[email protected]> wrote:
> >>In article <[email protected]> Clifton T. Sharp Jr.,
> >>[email protected] writes:
> >>>There were some problems of late. One notable thing from the statistics
> >>>is that we weren't getting our usual hundreds of thousands of articles
> >>>from the MCI feed. Since C&W bought MCI's internet stuff, it seems like
> >>>anything associated with the former MCI has gone straight to hell. It
> >>>looks to me that as of now the problems are fixed; the newsgroups I follow
> >>>have suddenly found hundreds of articles apiece.
> >>
> >>Who's kidding who?  I presume you guys have heard of a certain asshole in
> >>New York government (what a redundancy!) named Vacco?  Presumably the
> >>problem is the collective flushing of digital toilets now that ISP's have
> >>become the new hunting ground for Evil Substances, etc.
> >>
> >>The problem with this particular war is that nothing short of a total
> >>victory for the people, to keep anything and everything on ISP's, can
> >>possibly prevent the state aggressors from eating away at free forums of
> >>communications as fast as they can have their pet narks post child
> >>pornography (with impunity) to anywhere they want the police to
> >>"legitimately" attack and destroy.  And if that happens, then the last
> >>permitted forum of free speech in America, or damn near anywhere else, is
> >>dead, and the only hope of humanity for political progress will be in
> >>violence so unrestrained and universal that the smallest and weakest of
> >>people have an equal power of destruction because it is unlimited for
> >>all.  And that is what inevitably will happen, unless something worse
> >>happens.
> >
> >Read this.  It solves the problem.
> >
> >And yes, this system WILL be going online.  The software is already working.
> >
> >
> >
> >The "Clean-News" System 
> >=======================
> >
> >ABSTRACT:
> >
> >"Clean-News" is a means to identify the poster of binary data
> >on Usenet, remove most illegal content, and create a presumption of
> >accountability.
> >
> >
> >IMPLEMENTATION - USER SIDE:
> >
> >The "Clean-News" servers will have a key-ring of PGP keys.  Anyone wanting 
> >to post "unmolested" binaries does the following:
> >
> >1.	Creates a PGP key for either 2.6.2 or 5.0 of the PGP software.
> >
> >2.	Obtains, from the www.clean-news.org web site, a list of authorized
> >	signers of their PGP key.
> >
> >3.	Contacts one of those signers, follows their procedures (which may
> >	include the payment of a fee), produces appropriate identification
> >	demanded by that signer, and gets their public key *signed* by that
> >	organization or individual.  That is, the signer *vouches* for the
> >	authenticity of the key; that it belongs to the person who claims
> >	to be represented, that the email address associated with it is
> >	valid, and creates and maintains appropriate records to back up
> >	that assertion.
> >
> >4.	Submits the SIGNED key to the clean-news.org system.
> >
> >This database (of signed keys) is PUBLIC.  Anyone can query it given an
> >article which is signed by said key and obtain the name, email address,
> >AND SIGNER of the key in question.
> >
> >The person with the private key associated with the signed, public key
> >is then free to post binaries on Usenet, and clean-news will not molest
> >them.
> >
> >
> >IMPLEMENTATION - SERVER SIDE:
> >
> >The "clean-news" system obtains a feed from major backbone sites.  It
> >accepts all articles sent to it and maintains no database.  It speaks 
> >both the older "ihave" protocol as well as the "check/takethis" newer 
> >NNTP protocol.  
> >
> >Upon receipt of an article, the software checks to see if the posting
> >contains binary data.  It looks for common encoding formats - UUENCODE
> >and MIME image data, primarily.  
> >
> >Textual messages are ignored.
> >
> >Binary messages are run through the PGP software, and the output of
> >the PGP verification process is read back.  This process returns one
> >of several results:
> >
> >1.	No signature on the file at all.
> >
> >2.	A signature is on the file, but the key ID is not known.
> >
> >3.	A signature is on the file, and the key is known, but it is
> >	not certified as "trusted".
> >
> >4.	A signature is on the file, is valid, and the key is both
> >	known and has a level of trust associated with it.
> >
> >In cases 1 - 3, the clean-news system emits a cancel message for the article
> >in question immediately upon receipt.  It does this by following the
> >convention established for NOCEMs and other "spam cancels"; that is, it
> >prepends "cancel." to the Message ID, and emits the cancel with this
> >synthetic message Id.  It also returns the posting with the system
> >identification "clean-news" in the PATH line to permit aliasing out
> >of the clean-news feed by those site admins who do not want the cancels.
> >
> >In case 4, the binary is ignored, as textual messages are.
> >
> >
> >IMPLICATIONS - USENET SITE ADMINS READ THIS:
> >
> >1.	If you DO NOT want the "Clean-News" cancels, you should alias out
> >	the site "clean-news" from your Usenet software.  Note that doing
> >	this will REMOVE any presumption that you would otherwise gain
> >	by ACCEPTING this feed.
> >
> >2.	If you DO want the "Clean-News" cancels, then do nothing, and 
> >	further, contact your upstream News peers and ensure that THEY
> >	are not aliasing out the feed.
> >
> >3.	If you CANNOT obtain these cancels (because all your upstreams
> >	are aliasing them out), or if you want the BEST possible feed,
> >	contact [email protected] by email.  You will receive in
> >	response an automated email detailing how to obtain a direct 
> >	feed of the clean-news cancels.
> >
> >	Note that this feed is rather low in volume - while it emits 
> >	MANY cancels, they are small articles.  You MUST BE able to 
> >	keep up with this feed - the feed software will NOT keep 
> >	articles for more than a few hours before it "junks" them.
> >	The feed will come to you via a Diablo feed system and is 
> >	UNIDIRECTIONAL.  Attempting to connect back to the Diablo
> >	machine will fail.
> >
> >4.	If you want to pass these cancels on to your PEERS, be advised
> >	that some of them may consider this service to be a "bad thing".
> >	I recommend, but obviously cannot enforce, that such is noticed
> >	to your peers so they may alias out the feed if they do not 
> >	want it.
> >
> >
> >
> >WHAT DOES THIS MEAN TO POSTERS:
> >
> >1.	The use of a valid key creates a *presumption*, but not proof, 
> >	that the poster really is who they said they are.  That is, enough 
> >	to get a search warrant.  If Kiddie Porn shows up with a signature, 
> >	the TRUSTED SIGNER of the key is determinable.  That signer must,
> >	to be considered a trusted signer, keep records suitable for
> >	interrogation based on a published policy (i.e.: "serve us with a
> >	subpoena", etc).
> >
> >	The LEO in question then asks the signer for the data, and complies
> >	with the policy they have set (which may include obtaining a warrant
> >	and/or subpoena).  They then get a search warrant for the alleged
> >	perpetrator of the transmission, and see if in fact the material
> >	in question is being emitted there using standard forensic
> >	techniques.
> >
> >2.	LEGITIMATE binary posters have nothing to fear.  Anonymous binaries 
> >	get cancelled instantly, as do any which are unauthenticated.  
> >	Those which ARE authenticated are free to be posted, but your 
> >	identity is known, it's undeniably yours (since it WAS your private 
> >	key used to sign the article) and if you post something "naughty" 
> >	the LEOs have all they need to come after you.
> >
> >
> >
> >WHAT ARE MY RESPONSIBILITIES AS A USER OF THIS SYSTEM WHO SUBMITS A KEY?
> >
> >Your primary responsibility is to PROTECT YOUR PRIVATE KEY.  It is
> >*STRONGLY* recommended that you keep this key on a protected, safe,
> >removable device (such as a floppy with write-protect enabled) and NOT 
> >let it out of your personal control.
> >
> >If your PRIVATE key is COMPROMISED (i.e.: you lose the disk, you have reason 
> >to believe someone has stolen a copy of the key file, etc) you should
> >IMMEDIATELY contact the introducer (the organization or person you had sign
> >the key) *AND* the clean-news system at "[email protected]" by email.
> >When you contact the clean-news system, SIGN YOUR REVOCATION REQUEST.
> >DO NOT send anything other than a revocation request to the above address.
> >NOTE THAT REVOCATION OF A KEY IS PERMANENT AND CANNOT BE REVERSED.
> >You should ALSO immediately revoke the key from any other key rings 
> >that you may have registered this key with.
> >
> >Note that ANY message signed with your key will be PRESUMED to be issued
> >by you *PERSONALLY*.  For this reason you should take EXTREME care with
> >your private key.  If it is stolen and used for illicit purposes those
> >transactions will be traced to *YOU*, and you could find yourself under
> >investigation by either civil or criminal authorities for something you 
> >have not done.
> >
> >
> >
> >HOW DO YOU REVOKE A KEY IF IT IS COMPROMISED?
> >
> >Keys may be revoked by:
> >
> >1.	The person who owns it at any time (i.e.: "I lost my key disk").
> >
> >2.	Any LEO who provides an affidavit that said key was used to
> >	post copyrighted or otherwise illegal material.  
> >
> >3.	Any LEO who provides an affidavit that a trusted introducer
> >	is not in fact trusted (i.e.: cannot produce the records, or produces
> >	false records, regarding a key they signed).
> >
> >4.	A trusted introducer may revoke their signature of any person's key 
> >	that they have signed, in the event they discover that the key does 
> >	not in fact belong to the person claimed or identification was
> >	falsified.
> >
> >When a key is invalidated the owner of the key is notified by email that 
> >their key was removed, and why (which of the above categories "happened").
> >
> >A cancelled or revoked key is removed from the key ring, and is treated
> >exactly as if it was never submitted to the system.
> >
> >To revoke a key as the owner of the key, send a PGP-signed request
> >to "[email protected]".  IF THE REQUEST IS NOT SIGNED OR THE SIGNATURE
> >IS INVALID IT WILL BE IGNORED.  Assuming that the signature is good, you 
> >will be notified by return email when the revocation is processed.
> >
> >
> >
> >
> >IS THERE A COST FOR THIS?
> >
> >1.	Individuals do not pay to list keys.  However, INTRODUCERS may 
> >	charge for signing a key (at their discretion) and maintaining 
> >	the records necessary to comply with identification requests.
> >
> >2.	Systems desiring a *direct* feed may be assessed a small charge
> >	to cover the operating expenses of the systems involved.  NO CHARGE
> >	FOR THE FEED ITSELF IS MADE, NOR FOR THE PROCESSING - ONLY THE
> >	TRANSPORT.  If you receive a feed of the cancels you are encouraged
> >	to propagate it, on mutually-agreeable terms, to others who are
> >	also willing to receive it.
> >
> >
> >
> >WHAT ABOUT PRIVACY ISSUES?
> >
> >1.	The records of the clean-news system are EXPLICITLY public.  
> >	Ergo, submitting a public key to the system constitutes 
> >	publication of that key, and the fact that it is signed by one
> >	or more organizations and individuals.  HOWEVER, that, alone, is
> >	worthless to an interloper.  The email address on the key does NOT
> >	have to be valid, nor does the name - it must only map to a unique
> >	person at the SIGNER'S location which can be disclosed through
> >	their policies.  As such, there is no privacy issue on the keyring
> >	used by the clean-news system ITSELF.
> >
> >2.	Customers and users who have their keys signed by an introducer
> >	should make themselves aware of the privacy policies of the signer.
> >	IF YOU ARE NOT COMFORTABLE WITH THEIR PROCEDURES AND ASSURANCES, YOU
> >	SHOULD USE A DIFFERENT KEY SIGNER!
> >
> >--
> >-- 
> >Karl Denninger ([email protected]) http://www.mcs.net/~karl
> >I ain't even *authorized* to speak for anyone other than myself, so give
> >up now on trying to associate my words with any particular organization.
> >
> >
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>            Plain Aviation, Inc                  [email protected]
>            LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 

======================================================================
Derek J. Balling          | "Bill Gates is a monocle and a white 
[email protected]        |  fluffy cat from being a villain in the
http://www.megacity.org/  |  next Bond film."  - Dennis Miller
======================================================================