North American Network Operators Group

Re: Hold on to your news servers
It would be even more amusing given that it would be false (hint: I've had
colocation offers from a number of places across the country).

Since I know the people who own MCSNet, and further know that they can be
just as much of a prick as I can, I suspect such complaints would get
round-filed - especially given that they would be false.

--
--
Karl Denninger ([email protected]) http://www.mcs.net/~karl
I ain't even *authorized* to speak for anyone other than myself, so give
up now on trying to associate my words with any particular organization.

On Fri, Nov 13, 1998 at 04:11:01PM -0800, Derek Balling wrote:
> Yeah, since Karl's not "the boss" at MCS anymore, it would be kinda
> amusing to have MCS get flooded with complaints that one of their
> users (Karl) was abusing the network. :)
>
> Wonder if that would be an appropriate use of the RBL? :)
>
>
> On Fri, 13 Nov 1998, Dean Anderson wrote:
>
> > Sheesh. I'm getting tired of increasingly large logs of cancels and
> > reposts. I think we should start treating all cancels that are sent out by
> > someone who is not a moderator or the original poster as an abuse.
> >
> > Anyone who cancels someone else's post who is not a moderator or the
> > original poster should lose their account/job at ISP/etc.
> >
> > So let's start sending in complaints...
> >
> > --Dean
> >
> >
> > At 02:20 PM 11/13/1998 -0500, Jeff Garzik wrote:
> > >
> > >Hey guys, this is a heads-up about Karl Denninger's new clean-news
> > >system. I haven't seen any posts on this list about it. His message
> > >describing the implementation is attached below, posted "publicly" on
> > >chi.internet. (skip the quoted stuff)
> > >
> > >Karl is about to send out cancel messages, cancelling _every_ Usenet
> > >binary that is not PGP-signed by someone registered with his system.
> > >He says that these cancels will only go out to people he explicitly
> > >peers with, and not Usenet at large. He then adds that what these
> > >peers do with the cancel msgs is their own business.
> > >
> > >Folks, the goal is good, but the implementation is bad.
> > >
> > >These cancel msgs will leak out to Usenet at large. History proves
> > >this; leaking of net.*, bofh.*, clari.*, etc. occurs all the time
> > >despite admins' best efforts.
> > >
> > >And when these cancels leak, every news server on Usenet will
> > >* suddenly be receiving _thousands_ of additional cancels, and
> > >* 99.9999% of the binaries out there will disappear from your servers.
> > >
> > >I do not want to be handling the support calls when this occurs.
> > >
> > >If you are interested in this issue, there is a discussion on
> > >news.admin.net-abuse.usenet, thread "Karl Denninger loses his marbles..."
> > >
> > >Or ask me, I'm more than happy to outline the technical ramifications
> > >of this, and why it's a bad idea, in more detail. I'll cut and paste
> > >from my e-mails to Karl. :)
> > >
> > > Jeff
> > > (news admin/consultant)
> > >
> > >
> > >P.S. Had mailer problems. Apologies if you are seeing this twice.
> > >
> > >
> > >>Path:
> > news.teleport.com!uunet!in3.uu.net!nntp.ntr.net!news.maxwell.syr.edu!news-xf
> > er.newsread.com!netaxs.com!newsread.com!news.mcs.net!ddsw1!news.mcs.net!not-
> > for-mail
> > >>From: [email protected] (Karl Denninger)
> > >Newsgroups: chi.internet
> > >Subject: Re: MegsInet Newsgroup server
> > >Date: 12 Nov 1998 03:59:06 GMT
> > >Organization: Karls Sushi and Packet Smashers
> > >Message-ID: <[email protected]>
> > >References: <[email protected]> <[email protected]>
> > >NNTP-Posting-Host: kdhome-2.pr.mcs.net
> > >X-Newsreader: trn 4.0-test69 (20 September 1998)
> > >Xref: news.teleport.com chi.internet:17477
> > >
> > >In article <[email protected]>,
> > >Tommy the Terrorist <[email protected]> wrote:
> > >>In article <[email protected]> Clifton T. Sharp Jr.,
> > >>[email protected] writes:
> > >>>There were some problems of late. One notable thing from the statistics
> > >>>is that we weren't getting our usual hundreds of thousands of articles
> > >>>from the MCI feed. Since C&W bought MCI's internet stuff, it seems like
> > >>>anything associated with the former MCI has gone straight to hell. It
> > >>>looks to me that as of now the problems are fixed; the newsgroups I follow
> > >>>have suddenly found hundreds of articles apiece.
> > >>
> > >>Who's kidding who? I presume you guys have heard of a certain asshole in
> > >>New York government (what a redundancy!) named Vacco? Presumably the
> > >>problem is the collective flushing of digital toilets now that ISP's have
> > >>become the new hunting ground for Evil Substances, etc.
> > >>
> > >>The problem with this particular war is that nothing short of a total
> > >>victory for the people, to keep anything and everything on ISP's, can
> > >>possibly prevent the state aggressors from eating away at free forums of
> > >>communications as fast as they can have their pet narks post child
> > >>pornography (with impunity) to anywhere they want the police to
> > >>"legitimately" attack and destroy. And if that happens, then the last
> > >>permitted forum of free speech in America, or damn near anywhere else, is
> > >>dead, and the only hope of humanity for political progress will be in
> > >>violence so unrestrained and universal that the smallest and weakest of
> > >>people have an equal power of destruction because it is unlimited for
> > >>all. And that is what inevitably will happen, unless something worse
> > >>happens.
> > >
> > >Read this. It solves the problem.
> > >
> > >And yes, this system WILL be going online. The software is already working.
> > >
> > >
> > >The "Clean-News" System
> > >=======================
> > >
> > >ABSTRACT:
> > >
> > >"Clean-News" is a means to identify the poster of binary data
> > >on Usenet, remove most illegal content, and create a presumption of
> > >accountability.
> > >
> > >
> > >IMPLEMENTATION - USER SIDE:
> > >
> > >The "Clean-News" servers will have a key-ring of PGP keys. Anyone wanting
> > >to post "unmolested" binaries does the following:
> > >
> > >1. Creates a PGP key for either 2.6.2 or 5.0 of the PGP software.
> > >
> > >2. Obtains, from the www.clean-news.org web site, a list of authorized
> > >   signers of their PGP key.
> > >
> > >3. Contacts one of those signers, follows their procedures (which may
> > >   include the payment of a fee), produces appropriate identification
> > >   demanded by that signer, and gets their public key *signed* by that
> > >   organization or individual. That is, the signer *vouches* for the
> > >   authenticity of the key; that it belongs to the person who claims
> > >   to be represented, that the email address associated with it is
> > >   valid, and creates and maintains appropriate records to back up
> > >   that assertion.
> > >
> > >4. Submits the SIGNED key to the clean-news.org system.
> > >
> > >This database (of signed keys) is PUBLIC. Anyone can query it given an
> > >article which is signed by said key and obtain the name, email address,
> > >AND SIGNER of the key in question.
> > >
> > >The person with the private key associated with the signed, public key
> > >is then free to post binaries on Usenet, and clean-news will not molest
> > >them.
> > >
> > >
> > >IMPLEMENTATION - SERVER SIDE:
> > >
> > >The "clean-news" system obtains a feed from major backbone sites. It
> > >accepts all articles sent to it and maintains no database. It speaks
> > >both the older "ihave" protocol as well as the "check/takethis" newer
> > >NNTP protocol.
> > >
> > >Upon receipt of an article, the software checks to see if the posting
> > >contains binary data. It looks for common encoding formats - UUENCODE
> > >and MIME image data, primarily.
> > >
> > >Textual messages are ignored.
> > >
> > >Binary messages are run through the PGP software, and the output of
> > >the PGP verification process is read back. This process returns one
> > >of several results:
> > >
> > >1. No signature on the file at all.
> > >
> > >2. A signature is on the file, but the key ID is not known.
> > >
> > >3. A signature is on the file, and the key is known, but it is
> > >   not certified as "trusted".
> > >
> > >4. A signature is on the file, is valid, and the key is both
> > >   known and has a level of trust associated with it.
> > >
> > >In cases 1 - 3, the clean-news system emits a cancel message for the article
> > >in question immediately upon receipt. It does this by following the
> > >convention established for NOCEMs and other "spam cancels"; that is, it
> > >prepends "cancel." to the Message ID, and emits the cancel with this
> > >synthetic message Id. It also returns the posting with the system
> > >identification "clean-news" in the PATH line to permit aliasing out
> > >of the clean-news feed by those site admins who do not want the cancels.
> > >
> > >In case 4, the binary is ignored, as textual messages are.
> > >
> > >
> > >IMPLICATIONS - USENET SITE ADMINS READ THIS:
> > >
> > >1. If you DO NOT want the "Clean-News" cancels, you should alias out
> > >   the site "clean-news" from your Usenet software. Note that doing
> > >   this will REMOVE any presumption that you would otherwise gain
> > >   by ACCEPTING this feed.
> > >
> > >2. If you DO want the "Clean-News" cancels, then do nothing, and
> > >   further, contact your upstream News peers and insure that THEY
> > >   are not aliasing out the feed.
> > >
> > >3. If you CANNOT obtain these cancels (because all your upstreams
> > >   are aliasing them out), or if you want the BEST possible feed,
> > >   contact [email protected] by email. You will receive in
> > >   response an automated email detailing how to obtain a direct
> > >   feed of the clean-news cancels.
> > >
> > >   Note that this feed is rather low in volume - while it emits
> > >   MANY cancels, they are small articles. You MUST BE able to
> > >   keep up with this feed - the feed software will NOT keep
> > >   articles for more than a few hours before it "junks" them.
> > >   The feed will come to you via a Diablo feed system and is
> > >   UNIDIRECTIONAL. Attempting to connect back to the Diablo
> > >   machine will fail.
> > >
> > >4. If you want to pass these cancels on to your PEERS, be advised
> > >   that some of them may consider this service to be a "bad thing".
> > >   I recommend, but obviously cannot enforce, that such is noticed
> > >   to your peers so they may alias out the feed if they do not
> > >   want it.
> > >
> > >
> > >WHAT DOES THIS MEAN TO POSTERS:
> > >
> > >1. The use of a valid key creates a *presumption*, but not proof,
> > >   that the poster really is who they said they are. That is, enough
> > >   to get a search warrant. If Kiddie Porn shows up with a signature,
> > >   the TRUSTED SIGNER of the key is determinable. That signer must,
> > >   to be considered a trusted signer, keep records suitable for
> > >   interrogation based on a published policy (ie: "serve us with a
> > >   subpoena", etc).
> > >
> > >   The LEO in question then asks the signer for the data, and complies
> > >   with the policy they have set (which may include obtaining a warrant
> > >   and/or subpoena). They then get a search warrant for the alleged
> > >   perpetrator of the transmission, and see if in fact the material
> > >   in question is being emitted there using standard forensic
> > >   techniques.
> > >
> > >2. LEGITIMATE binary posters have nothing to fear. Anonymous binaries
> > >   get cancelled instantly, as do any which are unauthenticated.
> > >   Those which ARE authenticated are free to be posted, but your
> > >   identity is known, it's undeniably yours (since it WAS your private
> > >   key used to sign the article) and if you post something "naughty"
> > >   the LEOs have all they need to come after you.
> > >
> > >
> > >WHAT ARE MY RESPONSIBILITIES AS A USER OF THIS SYSTEM WHO SUBMITS A KEY?
> > >
> > >Your primary responsibility is to PROTECT YOUR PRIVATE KEY. It is
> > >*STRONGLY* recommended that you keep this key on a protected, safe,
> > >removable device (such as a floppy with write-protect enabled) and NOT
> > >let it out of your personal control.
> > >
> > >If your PRIVATE key is COMPROMISED (ie: you lose the disk, you have reason
> > >to believe someone has stolen a copy of the key file, etc) you should
> > >IMMEDIATELY contact the introducer (the organization or person you had sign
> > >the key) *AND* the clean-news system at "[email protected]" by email.
> > >When you contact the clean-news system, SIGN YOUR REVOCATION REQUEST.
> > >DO NOT send anything other than a revocation request to the above address.
> > >NOTE THAT REVOCATION OF A KEY IS PERMANENT AND CANNOT BE REVERSED.
> > >You should ALSO immediately revoke the key from any other key rings
> > >that you may have registered this key with.
> > >
> > >Note that ANY message signed with your key will be PRESUMED to be issued
> > >by you *PERSONALLY*. For this reason you should take EXTREME care with
> > >your private key. If it is stolen and used for illicit purposes those
> > >transactions will be traced to *YOU*, and you could find yourself under
> > >investigation by either civil or criminal authorities for something you
> > >have not done.
> > >
> > >
> > >HOW DO YOU REVOKE A KEY IF IT IS COMPROMISED?
> > >
> > >Keys may be revoked by:
> > >
> > >1. The person who owns it at any time (ie; "I lost my key disk").
> > >
> > >2. Any LEO who provides an affidavit that said key was used to
> > >   post copyrighted or otherwise illegal material.
> > >
> > >3. Any LEO who provides an affidavit that a trusted introducer
> > >   is not in fact trusted (ie: cannot produce the records, or produces
> > >   false records, regarding a key they signed).
> > >
> > >4. A trusted introducer may revoke their signature of any person's key
> > >   that they have signed, in the event they discover that the key does
> > >   not in fact belong to the person claimed or identification was
> > >   falsified.
> > >
> > >When a key is invalidated the owner of the key is notified by email that
> > >their key was removed, and why (which of the above categories "happened").
> > >
> > >A cancelled or revoked key is removed from the key ring, and is treated
> > >exactly as if it was never submitted to the system.
> > >
> > >To revoke a key as the owner of the key, send a PGP-signed request
> > >to "[email protected]". IF THE REQUEST IS NOT SIGNED OR THE SIGNATURE
> > >IS INVALID IT WILL BE IGNORED. Assuming that the signature is good, you
> > >will be notified by return email when the revocation is processed.
> > >
> > >
> > >IS THERE A COST FOR THIS?
> > >
> > >1. Individuals do not pay to list keys. However, INTRODUCERS may
> > >   charge for signing a key (at their discretion) and maintaining
> > >   the records necessary to comply with identification requests.
> > >
> > >2. Systems desiring a *direct* feed may be assessed a small charge
> > >   to cover the operating expenses of the systems involved. NO CHARGE
> > >   FOR THE FEED ITSELF IS MADE, NOR FOR THE PROCESSING - ONLY THE
> > >   TRANSPORT. If you receive a feed of the cancels you are encouraged
> > >   to propagate it to others on mutually-agreeable terms to others
> > >   who are also willing to receive it.
> > >
> > >
> > >WHAT ABOUT PRIVACY ISSUES?
> > >
> > >1. The records of the clean-news system are EXPLICITLY public.
> > >   Ergo, submitting a public key to the system constitutes
> > >   publication of that key, and the fact that it is signed by one
> > >   or more organizations and individuals. HOWEVER, that, alone, is
> > >   worthless to an interloper. The email address on the key does NOT
> > >   have to be valid, nor does the name - it must only map to a unique
> > >   person at the SIGNER'S location which can be disclosed through
> > >   their policies. As such, there is no privacy issue on the keyring
> > >   used by the clean-news system ITSELF.
> > >
> > >2. Customers and users who have their keys signed by an introducer
> > >   should make themselves aware of the privacy policies of the signer.
> > >   IF YOU ARE NOT COMFORTABLE WITH THEIR PROCEDURES AND ASSURANCES, YOU
> > >   SHOULD USE A DIFFERENT KEY SIGNER!
> > >
> > >--
> > >--
> > >Karl Denninger ([email protected]) http://www.mcs.net/~karl
> > >I ain't even *authorized* to speak for anyone other than myself, so give
> > >up now on trying to associate my words with any particular organization.
> > >
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > Plain Aviation, Inc                  [email protected]
> > LAN/WAN/UNIX/NT/TCPIP                http://www.av8.com
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
>
> ======================================================================
> Derek J. Balling         | "Bill Gates is a monocle and a white
> [email protected]       | fluffy cat from being a villain in the
> http://www.megacity.org/ | next Bond film." - Dennis Miller
> ======================================================================
>
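
Added example, not part of the original thread and not code from the Clean-News software: a receiving site's header check for the cancels discussed above, keyed on the two markers the quoted post names (the "clean-news" Path entry and the "cancel."-prefixed Message-ID), so a cancel that leaks with the Path entry stripped is still recognised. The policy labels, the `originals` lookup and every sample article are constructed assumptions.

```python
from email.parser import HeaderParser

ALIASED_SITES = {"clean-news"}  # Path identity the post says the cancels carry

def path_sites(art):
    """Relay names from the '!'-separated Path header."""
    return [s.strip() for s in art.get("Path", "").split("!") if s.strip()]

def cancel_target(art):
    """Message-ID named by a 'Control: cancel <id>' header, else None."""
    parts = art.get("Control", "").split()
    return parts[1] if len(parts) == 2 and parts[0].lower() == "cancel" else None

def classify(raw, originals):
    """Return a policy label (hypothetical names) for one incoming article.

    originals: Message-ID -> From of articles already held, a stand-in for
    the server's history lookup. From is unauthenticated, so a match is a
    heuristic, not proof that the original poster sent the cancel.
    """
    art = HeaderParser().parsestr(raw)
    target = cancel_target(art)
    if target is None:
        return "accept"                      # not a cancel at all
    if ALIASED_SITES & set(path_sites(art)):
        return "refuse-aliased"              # exact Path element match
    if art.get("Message-ID", "").strip() == "<cancel." + target.lstrip("<"):
        return "hold-third-party"            # synthetic cancel.<id> convention
    if originals.get(target) == art.get("From"):
        return "accept-poster-cancel"
    return "hold-from-mismatch"

def make(path, sender, msgid, target):
    """Build a constructed cancel article for the demo."""
    return (f"Path: {path}\nFrom: {sender}\nNewsgroups: alt.binaries.test\n"
            f"Subject: cmsg cancel {target}\nControl: cancel {target}\n"
            f"Message-ID: {msgid}\n\ncancel\n")

# Constructed sample data (not real traffic).
T = "<abc123@poster.example>"
ORIGINALS = {T: "alice@poster.example"}
SAMPLES = {
    "direct": make("news.example.net!clean-news!not-for-mail",
                   "cancels@clean-news.example", "<cancel.abc123@poster.example>", T),
    "stripped": make("news.example.net!relay.example.org!not-for-mail",
                     "cancels@clean-news.example", "<cancel.abc123@poster.example>", T),
    "poster": make("news.example.net!poster.example!not-for-mail",
                   "alice@poster.example", "<c1@poster.example>", T),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw, ORIGINALS))
```
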