Hold on to your news servers
Dean Anderson
dean at av8.com
Fri Nov 13 23:57:47 UTC 1998
Sheesh. I'm getting tired of increasingly large logs of cancels and
reposts. I think we should start treating all cancels that are sent out by
someone who is not a moderator or the original poster as an abuse.
Anyone who cancels someone else's post who is not a moderator or the
original poster should lose their account/job at ISP/etc.
So let's start sending in complaints...
--Dean
At 02:20 PM 11/13/1998 -0500, Jeff Garzik wrote:
>
>
>Hey guys, this is a heads-up about Karl Denninger's new clean-news
>system. I haven't seen any posts on this list about it. His message
>describing the implementation is attached below, posted "publicly" on
>chi.internet. (skip the quoted stuff)
>
>Karl is about to send out cancel messages, cancelling _every_ Usenet
>binary that is not PGP-signed by someone registered with his system.
>He says that these cancels will only go out to people he explicitly
>peers with, and not Usenet at large. He then adds that what these
>peers do with the cancel msgs is their own business.
>
>Folks, the goal is good, but the implementation is bad.
>
>These cancel msgs will leak out to Usenet at large. History proves
>this; leaking of net.*, bofh.*, clari.*, etc. occurs all the time
>despite admins' best efforts.
>
>And when these cancels leak, every news server on Usenet will
>* suddenly be receiving _thousands_ of additional cancels, and
>* 99.9999% of the binaries out there will disappear from your servers.
>
>I do not want to be handling the support calls when this occurs.
>
>If you are interested in this issue, there is a discussion on
>news.admin.net-abuse.usenet, thread "Karl Denninger loses his marbles..."
>
>Or ask me, I'm more than happy to outline the technical ramifications
>of this, and why it's a bad idea, in more detail. I'll cut and paste
>from my e-mails to Karl. :)
>
> Jeff
> (news admin/consultant)
>
>
>
>P.S. Had mailer problems. Apologies if you are seeing this twice.
>
>
>
>
>>Path: news.teleport.com!uunet!in3.uu.net!nntp.ntr.net!news.maxwell.syr.edu!news-xfer.newsread.com!netaxs.com!newsread.com!news.mcs.net!ddsw1!news.mcs.net!not-for-mail
>>From: karl at Denninger.Net (Karl Denninger)
>Newsgroups: chi.internet
>Subject: Re: MegsInet Newsgroup server
>Date: 12 Nov 1998 03:59:06 GMT
>Organization: Karls Sushi and Packet Smashers
>Message-ID: <72dmea$stt$1 at Nntp1.mcs.net>
>References: <3647E943.3A3 at spambusters.ml.org> <72dgku$jo6 at enews4.newsguy.com>
>NNTP-Posting-Host: kdhome-2.pr.mcs.net
>X-Newsreader: trn 4.0-test69 (20 September 1998)
>Xref: news.teleport.com chi.internet:17477
>
>In article <72dgku$jo6 at enews4.newsguy.com>,
>Tommy the Terrorist <mayday at newsguy.com> wrote:
>>In article <3647E943.3A3 at spambusters.ml.org> Clifton T. Sharp Jr.,
>>agent150 at spambusters.ml.org writes:
>>>There were some problems of late. One notable thing from the statistics
>>>is that we weren't getting our usual hundreds of thousands of articles
>>>from the MCI feed. Since C&W bought MCI's internet stuff, it seems like
>>>anything associated with the former MCI has gone straight to hell. It
>>>looks to me that as of now the problems are fixed; the newsgroups I follow
>>>have suddenly found hundreds of articles apiece.
>>
>>Who's kidding who? I presume you guys have heard of a certain asshole in
>>New York government (what a redundancy!) named Vacco? Presumably the
>>problem is the collective flushing of digital toilets now that ISP's have
>>become the new hunting ground for Evil Substances, etc.
>>
>>The problem with this particular war is that nothing short of a total
>>victory for the people, to keep anything and everything on ISP's, can
>>possibly prevent the state aggressors from eating away at free forums of
>>communications as fast as they can have their pet narks post child
>>pornography (with impunity) to anywhere they want the police to
>>"legitimately" attack and destroy. And if that happens, then the last
>>permitted forum of free speech in America, or damn near anywhere else, is
>>dead, and the only hope of humanity for political progress will be in
>>violence so unrestrained and universal that the smallest and weakest of
>>people have an equal power of destruction because it is unlimited for
>>all. And that is what inevitably will happen, unless something worse
>>happens.
>
>Read this. It solves the problem.
>
>And yes, this system WILL be going online. The software is already working.
>
>
>
>The "Clean-News" System
>=======================
>
>ABSTRACT:
>
>"Clean-News" is a means to identify the poster of binary data
>on Usenet, remove most illegal content, and create a presumption of
>accountability.
>
>
>IMPLEMENTATION - USER SIDE:
>
>The "Clean-News" servers will have a key-ring of PGP keys. Anyone wanting
>to post "unmolested" binaries does the following:
>
>1. Creates a PGP key for either 2.6.2 or 5.0 of the PGP software.
>
>2. Obtains, from the www.clean-news.org web site, a list of authorized
> signers of their PGP key.
>
>3. Contacts one of those signers, follows their procedures (which may
> include the payment of a fee), produces appropriate identification
> demanded by that signer, and gets their public key *signed* by that
> organization or individual. That is, the signer *vouches* for the
> authenticity of the key; that it belongs to the person who claims
> to be represented, that the email address associated with it is
> valid, and creates and maintains appropriate records to back up
> that assertion.
>
>4. Submits the SIGNED key to the clean-news.org system.
>
>This database (of signed keys) is PUBLIC. Anyone can query it given an
>article which is signed by said key and obtain the name, email address,
>AND SIGNER of the key in question.
>
>The person with the private key associated with the signed, public key
>is then free to post binaries on Usenet, and clean-news will not molest
>them.
>
>
>IMPLEMENTATION - SERVER SIDE:
>
>The "clean-news" system obtains a feed from major backbone sites. It
>accepts all articles sent to it and maintains no database. It speaks
>both the older "ihave" protocol as well as the "check/takethis" newer
>NNTP protocol.
>
>Upon receipt of an article, the software checks to see if the posting
>contains binary data. It looks for common encoding formats - UUENCODE
>and MIME image data, primarily.
>
>Textual messages are ignored.
>
>Binary messages are run through the PGP software, and the output of
>the PGP verification process is read back. This process returns one
>of several results:
>
>1. No signature on the file at all.
>
>2. A signature is on the file, but the key ID is not known.
>
>3. A signature is on the file, and the key is known, but it is
> not certified as "trusted".
>
>4. A signature is on the file, is valid, and the key is both
> known and has a level of trust associated with it.
>
>In cases 1 - 3, the clean-news system emits a cancel message for the article
>in question immediately upon receipt. It does this by following the
>convention established for NOCEMs and other "spam cancels"; that is, it
>prepends "cancel." to the Message ID, and emits the cancel with this
>synthetic message Id. It also returns the posting with the system
>identification "clean-news" in the PATH line to permit aliasing out
>of the clean-news feed by those site admins who do not want the cancels.
>
>In case 4, the binary is ignored, as textual messages are.
>
>
>IMPLICATIONS - USENET SITE ADMINS READ THIS:
>
>1. If you DO NOT want the "Clean-News" cancels, you should alias out
> the site "clean-news" from your Usenet software. Note that doing
> this will REMOVE any presumption that you would otherwise gain
> by ACCEPTING this feed.
>
>2. If you DO want the "Clean-News" cancels, then do nothing, and
> further, contact your upstream News peers and insure that THEY
> are not aliasing out the feed.
>
>3. If you CANNOT obtain these cancels (because all your upstreams
> are aliasing them out), or if you want the BEST possible feed,
> contact feedme at clean-news.org by email. You will receive in
> response an automated email detailing how to obtain a direct
> feed of the clean-news cancels.
>
> Note that this feed is rather low in volume - while it emits
> MANY cancels, they are small articles. You MUST BE able to
> keep up with this feed - the feed software will NOT keep
> articles for more than a few hours before it "junks" them.
> The feed will come to you via a Diablo feed system and is
> UNIDIRECTIONAL. Attempting to connect back to the Diablo
> machine will fail.
>
>4. If you want to pass these cancels on to your PEERS, be advised
> that some of them may consider this service to be a "bad thing".
> I recommend, but obviously cannot enforce, that such is noticed
> to your peers so they may alias out the feed if they do not
> want it.
>
>
>
>WHAT DOES THIS MEAN TO POSTERS:
>
>1. The use of a valid key creates a *presumption*, but not proof,
> that the poster really is who they said they are. That is, enough
> to get a search warrant. If Kiddie Porn shows up with a signature,
> the TRUSTED SIGNER of the key is determinable. That signer must,
> to be considered a trusted signer, keep records suitable for
> interrogation based on a published policy (ie: "serve us with a
> subpoena", etc).
>
> The LEO in question then asks the signer for the data, and complies
> with the policy they have set (which may include obtaining a warrant
> and/or subpoena). They then get a search warrant for the alleged
> perpetrator of the transmission, and see if in fact the material
> in question is being emitted there using standard forensic
> techniques.
>
>2. LEGITIMATE binary posters have nothing to fear. Anonymous binaries
> get cancelled instantly, as do any which are unauthenticated.
> Those which ARE authenticated are free to be posted, but your
> identity is known, its undeniably yours (since it WAS your private
> key used to sign the article) and if you post something "naughty"
> the LEOs have all they need to come after you.
>
>
>
>WHAT ARE MY RESPONSIBILITIES AS A USER OF THIS SYSTEM WHO SUBMITS A KEY?
>
>Your primary responsibility is to PROTECT YOUR PRIVATE KEY. It is
>*STRONGLY* recommended that you keep this key on a protected, safe,
>removable device (such as a floppy with write-protect enabled) and NOT
>let it out of your personal control.
>
>If your PRIVATE key is COMPROMISED (ie: you lose the disk, you have reason
>to believe someone has stolen a copy of the key file, etc) you should
>IMMEDIATELY contact the introducer (the organization or person you had sign
>the key) *AND* the clean-news system at "revoke at clean-news.org" by email.
>When you contact the clean-news system, SIGN YOUR REVOCATION REQUEST.
>DO NOT send anything other than a revocation request to the above address.
>NOTE THAT REVOCATION OF A KEY IS PERMANENT AND CANNOT BE REVERSED.
>You should ALSO immediately revoke the key from any other key rings
>that you may have registered this key with.
>
>Note that ANY message signed with your key will be PRESUMED to be issued
>by you *PERSONALLY*. For this reason you should take EXTREME care with
>your private key. If it is stolen and used for illicit purposes those
>transactions will be traced to *YOU*, and you could find yourself under
>investigation by either civil or criminal authorities for something you
>have not done.
>
>
>
>HOW DO YOU REVOKE A KEY IF IT IS COMPROMISED?
>
>Keys may be revoked by:
>
>1. The person who owns it at any time (ie; "I lost my key disk").
>
>2. Any LEO who provides an affidavit that said key was used to
> post copyrighted or otherwise illegal material.
>
>3. Any LEO who provides an affidavit that a trusted introducer
> is not in fact trusted (ie: cannot produce the records, or produces
> false records, regarding a key they signed).
>
>4. A trusted introducer may revoke their signature of any person's key
> that they have signed, in the event they discover that the key does
> not in fact belong to the person claimed or identification was
> falsified.
>
>When a key is invalidated the owner of the key is notified by email that
>their key was removed, and why (which of the above categories "happened").
>
>A cancelled or revoked key is removed from the key ring, and is treated
>exactly as if it was never submitted to the system.
>
>To revoke a key as the owner of the key, send a PGP-signed request
>to "revoke at clean-news.org". IF THE REQUEST IS NOT SIGNED OR THE SIGNATURE
>IS INVALID IT WILL BE IGNORED. Assuming that the signature is good, you
>will be notified by return email when the revocation is processed.
>
>
>
>
>IS THERE A COST FOR THIS?
>
>1. Individuals do not pay to list keys. However, INTRODUCERS may
> charge for signing a key (at their discretion) and maintaining
> the records necessary to comply with identification requests.
>
>2. Systems desiring a *direct* feed may be assessed a small charge
> to cover the operating expenses of the systems involved. NO CHARGE
> FOR THE FEED ITSELF IS MADE, NOR FOR THE PROCESSING - ONLY THE
> TRANSPORT. If you receive a feed of the cancels you are encouraged
> to propagate it to others on mutually-agreeable terms to others
> who are also willing to receive it.
>
>
>
>WHAT ABOUT PRIVACY ISSUES?
>
>1. The records of the clean-news system are EXPLICITLY public.
> Ergo, submitting a public key to the system constitutes
> publication of that key, and the fact that it is signed by one
> or more organizations and individuals. HOWEVER, that, alone, is
> worthless to an interloper. The email address on the key does NOT
> have to be valid, nor does the name - it must only map to a unique
> person at the SIGNER'S location which can be disclosed through
> their policies. As such, there is no privacy issue on the keyring
> used by the clean-news system ITSELF.
>
>2. Customers and users who have their keys signed by an introducer
> should make themselves aware of the privacy policies of the signer.
> IF YOU ARE NOT COMFORTABLE WITH THEIR PROCEDURES AND ASSURANCES, YOU
> SHOULD USE A DIFFERENT KEY SIGNER!
>
>--
>Karl Denninger (karl at denninger.net) http://www.mcs.net/~karl
>I ain't even *authorized* to speak for anyone other than myself, so give
>up now on trying to associate my words with any particular organization.
>
>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plain Aviation, Inc dean at av8.com
LAN/WAN/UNIX/NT/TCPIP http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
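As an added example (not code from the thread, from clean-news, or from any of its authors), here is how a site receiving the cancels Karl describes might triage them on the two rules discussed above: drop any cancel whose Path: contains an aliased-out site (Karl's own advice for admins who do not want the feed), and, following Dean's rule, refuse cancels not issued by the original poster. The sample articles, the aliased-site list, and the Sender:/From: comparison are constructed assumptions; moderator cancels and PGP signature checking are deliberately not implemented.

```python
import email

# Path elements to "alias out": cancels whose Path: contains one of these
# sites are dropped, as the post tells admins to do for "clean-news".
# Assumption: this set is configured per site.
ALIASED_SITES = {"clean-news"}


def parse_article(raw):
    """Parse a raw article (headers, blank line, body) with the stdlib
    email parser; Usenet articles use the RFC 822 header format."""
    return email.message_from_string(raw)


def path_sites(article):
    """Return the site names in the Path: header, in order (bang-separated)."""
    return [s.strip() for s in article.get("Path", "").split("!") if s.strip()]


def cancel_target(article):
    """Return the Message-ID named by 'Control: cancel <id>', or None."""
    parts = article.get("Control", "").split()
    if len(parts) == 2 and parts[0].lower() == "cancel":
        return parts[1]
    return None


def is_synthetic_cancel_id(article):
    """Spam-cancel convention from the post: the cancel's own Message-ID
    is the target's Message-ID with 'cancel.' prepended."""
    return article.get("Message-ID", "").lower().startswith("<cancel.")


def issuer(article):
    """Identity compared when deciding who issued an article: Sender: if
    present, else From: (assumption: header text only, no signature check)."""
    return (article.get("Sender") or article.get("From", "")).strip().lower()


def classify_cancel(cancel, originals):
    """Decide what a site does with an incoming article.

    originals maps Message-ID -> stored article. Returns 'not-a-cancel',
    'drop-aliased-path', 'unknown-target', 'accept-self-cancel' or
    'reject-third-party' (Dean's rule: only the poster may cancel)."""
    target = cancel_target(cancel)
    if target is None:
        return "not-a-cancel"
    if ALIASED_SITES.intersection(path_sites(cancel)):
        return "drop-aliased-path"
    original = originals.get(target)
    if original is None:
        return "unknown-target"
    if issuer(cancel) == issuer(original):
        return "accept-self-cancel"
    return "reject-third-party"


def triage(raw_articles, originals):
    """Classify each raw article; returns a list of (Message-ID, decision)."""
    out = []
    for raw in raw_articles:
        art = parse_article(raw)
        out.append((art.get("Message-ID"), classify_cancel(art, originals)))
    return out


# Constructed sample articles (not real traffic).
ORIGINAL = """From: alice@example.net (Alice)
Newsgroups: alt.binaries.test
Subject: test picture
Message-ID: <abc123@example.net>
Path: example.net!not-for-mail

begin 644 test.jpg
end
"""

CLEAN_NEWS_CANCEL = """From: cancel@clean-news.example
Control: cancel <abc123@example.net>
Message-ID: <cancel.abc123@example.net>
Path: example.net!upstream.example!clean-news!not-for-mail

unsigned binary
"""

THIRD_PARTY_CANCEL = """From: mallory@example.org
Control: cancel <abc123@example.net>
Message-ID: <xyz789@example.org>
Path: example.org!not-for-mail

"""

SELF_CANCEL = """From: alice@example.net (Alice)
Control: cancel <abc123@example.net>
Message-ID: <cancel.abc123@example.net>
Path: example.net!not-for-mail

oops, wrong group
"""

if __name__ == "__main__":
    stored = {"<abc123@example.net>": parse_article(ORIGINAL)}
    for mid, decision in triage([CLEAN_NEWS_CANCEL, THIRD_PARTY_CANCEL, SELF_CANCEL], stored):
        print(mid, "->", decision)
```

Run as a script it prints one decision per sample cancel. The Path check runs before the issuer check because, as Jeff warns, a leaked feed arrives through peers rather than from clean-news directly, so the site name in Path: is the only reliable marker once the cancels have propagated.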