[21426] in North American Network Operators' Group
Re: Hold on to your news servers
daemon@ATHENA.MIT.EDU (Derek Balling)
Fri Nov 13 22:18:04 1998
Date: Fri, 13 Nov 1998 16:11:01 -0800 (PST)
From: Derek Balling <dredd@megacity.org>
To: Dean Anderson <dean@av8.com>
cc: jgarzik@pobox.com, nanog@merit.edu
In-Reply-To: <3.0.32.19981113184534.00b03da4@odie.av8.com>
Yeah, since Karl's not "the boss" at MCS anymore, it would be kinda
amusing to have MCS get flooded with complaints that one of their
users (Karl) was abusing the network. :)
Wonder if that would be an appropriate use of the RBL? :)
On Fri, 13 Nov 1998, Dean Anderson wrote:
> Sheesh. I'm getting tired of increasingly large logs of cancels and
> reposts. I think we should start treating all cancels that are sent out by
> someone who is not a moderator or the original poster as an abuse.
>
> Anyone who cancels someone else's post who is not a moderator or the
> original poster should lose their account/job at ISP/etc.
>
> So let's start sending in complaints...
>
> --Dean
>
>
> At 02:20 PM 11/13/1998 -0500, Jeff Garzik wrote:
> >
> >
> >Hey guys, this is a heads-up about Karl Denninger's new clean-news
> >system. I haven't seen any posts on this list about it. His message
> >describing the implementation is attached below, posted "publicly" on
> >chi.internet. (skip the quoted stuff)
> >
> >Karl is about to send out cancel messages, cancelling _every_ Usenet
> >binary that is not PGP-signed by someone registered with his system.
> >He says that these cancels will only go out to people he explicitly
> >peers with, and not Usenet at large. He then adds that what these
> >peers do with the cancel msgs is their own business.
> >
> >Folks, the goal is good, but the implementation is bad.
> >
> >These cancel msgs will leak out to Usenet at large. History proves
> >this; leaking of net.*, bofh.*, clari.*, etc. occurs all the time
> >despite admins' best efforts.
> >
> >And when these cancels leak, every news server on Usenet will
> >* suddenly be receiving _thousands_ of additional cancels, and
> >* 99.9999% of the binaries out there will disappear from your servers.
> >
> >I do not want to be handling the support calls when this occurs.
> >
> >If you are interested in this issue, there is a discussion on
> >news.admin.net-abuse.usenet, thread "Karl Denninger loses his marbles..."
> >
> >Or ask me, I'm more than happy to outline the technical ramifications
> >of this, and why it's a bad idea, in more detail. I'll cut and paste
> >from my e-mails to Karl. :)
> >
> > Jeff
> > (news admin/consultant)
> >
> >
> >
> >P.S. Had mailer problems. Apologies if you are seeing this twice.
> >
> >
> >
> >
> >>Path: news.teleport.com!uunet!in3.uu.net!nntp.ntr.net!news.maxwell.syr.edu!news-xfer.newsread.com!netaxs.com!newsread.com!news.mcs.net!ddsw1!news.mcs.net!not-for-mail
> >>From: karl@Denninger.Net (Karl Denninger)
> >Newsgroups: chi.internet
> >Subject: Re: MegsInet Newsgroup server
> >Date: 12 Nov 1998 03:59:06 GMT
> >Organization: Karls Sushi and Packet Smashers
> >Message-ID: <72dmea$stt$1@Nntp1.mcs.net>
> >References: <3647E943.3A3@spambusters.ml.org> <72dgku$jo6@enews4.newsguy.com>
> >NNTP-Posting-Host: kdhome-2.pr.mcs.net
> >X-Newsreader: trn 4.0-test69 (20 September 1998)
> >Xref: news.teleport.com chi.internet:17477
> >
> >In article <72dgku$jo6@enews4.newsguy.com>,
> >Tommy the Terrorist <mayday@newsguy.com> wrote:
> >>In article <3647E943.3A3@spambusters.ml.org> Clifton T. Sharp Jr.,
> >>agent150@spambusters.ml.org writes:
> >>>There were some problems of late. One notable thing from the statistics
> >>>is that we weren't getting our usual hundreds of thousands of articles
> >>>from the MCI feed. Since C&W bought MCI's internet stuff, it seems like
> >>>anything associated with the former MCI has gone straight to hell. It
> >>>looks to me that as of now the problems are fixed; the newsgroups I follow
> >>>have suddenly found hundreds of articles apiece.
> >>
> >>Who's kidding who? I presume you guys have heard of a certain asshole in
> >>New York government (what a redundancy!) named Vacco? Presumably the
> >>problem is the collective flushing of digital toilets now that ISP's have
> >>become the new hunting ground for Evil Substances, etc.
> >>
> >>The problem with this particular war is that nothing short of a total
> >>victory for the people, to keep anything and everything on ISP's, can
> >>possibly prevent the state aggressors from eating away at free forums of
> >>communications as fast as they can have their pet narks post child
> >>pornography (with impunity) to anywhere they want the police to
> >>"legitimately" attack and destroy. And if that happens, then the last
> >>permitted forum of free speech in America, or damn near anywhere else, is
> >>dead, and the only hope of humanity for political progress will be in
> >>violence so unrestrained and universal that the smallest and weakest of
> >>people have an equal power of destruction because it is unlimited for
> >>all. And that is what inevitably will happen, unless something worse
> >>happens.
> >
> >Read this. It solves the problem.
> >
> >And yes, this system WILL be going online. The software is already working.
> >
> >
> >
> >The "Clean-News" System
> >=======================
> >
> >ABSTRACT:
> >
> >"Clean-News" is a means to identify the poster of binary data
> >on Usenet, remove most illegal content, and create a presumption of
> >accountability.
> >
> >
> >IMPLEMENTATION - USER SIDE:
> >
> >The "Clean-News" servers will have a key-ring of PGP keys. Anyone wanting
> >to post "unmolested" binaries does the following:
> >
> >1. Creates a PGP key for either 2.6.2 or 5.0 of the PGP software.
> >
> >2. Obtains, from the www.clean-news.org web site, a list of authorized
> > signers of their PGP key.
> >
> >3. Contacts one of those signers, follows their procedures (which may
> > include the payment of a fee), produces appropriate identification
> > demanded by that signer, and gets their public key *signed* by that
> > organization or individual. That is, the signer *vouches* for the
> > authenticity of the key; that it belongs to the person who claims
> > to be represented, that the email address associated with it is
> > valid, and creates and maintains appropriate records to back up
> > that assertion.
> >
> >4. Submits the SIGNED key to the clean-news.org system.
> >
> >This database (of signed keys) is PUBLIC. Anyone can query it given an
> >article which is signed by said key and obtain the name, email address,
> >AND SIGNER of the key in question.
> >
> >The person with the private key associated with the signed, public key
> >is then free to post binaries on Usenet, and clean-news will not molest
> >them.
> >
> >
> >IMPLEMENTATION - SERVER SIDE:
> >
> >The "clean-news" system obtains a feed from major backbone sites. It
> >accepts all articles sent to it and maintains no database. It speaks
> >both the older "ihave" protocol as well as the "check/takethis" newer
> >NNTP protocol.
> >
> >Upon receipt of an article, the software checks to see if the posting
> >contains binary data. It looks for common encoding formats - UUENCODE
> >and MIME image data, primarily.
> >
> >Textual messages are ignored.
> >
> >Binary messages are run through the PGP software, and the output of
> >the PGP verification process is read back. This process returns one
> >of several results:
> >
> >1. No signature on the file at all.
> >
> >2. A signature is on the file, but the key ID is not known.
> >
> >3. A signature is on the file, and the key is known, but it is
> > not certified as "trusted".
> >
> >4. A signature is on the file, is valid, and the key is both
> > known and has a level of trust associated with it.
> >
> >In cases 1 - 3, the clean-news system emits a cancel message for the article
> >in question immediately upon receipt. It does this by following the
> >convention established for NOCEMs and other "spam cancels"; that is, it
> >prepends "cancel." to the Message ID, and emits the cancel with this
> >synthetic message Id. It also returns the posting with the system
> >identification "clean-news" in the PATH line to permit aliasing out
> >of the clean-news feed by those site admins who do not want the cancels.
> >
> >In case 4, the binary is ignored, as textual messages are.
> >
> >
> >IMPLICATIONS - USENET SITE ADMINS READ THIS:
> >
> >1. If you DO NOT want the "Clean-News" cancels, you should alias out
> > the site "clean-news" from your Usenet software. Note that doing
> > this will REMOVE any presumption that you would otherwise gain
> > by ACCEPTING this feed.
> >
> >2. If you DO want the "Clean-News" cancels, then do nothing, and
> > further, contact your upstream News peers and ensure that THEY
> > are not aliasing out the feed.
> >
> >3. If you CANNOT obtain these cancels (because all your upstreams
> > are aliasing them out), or if you want the BEST possible feed,
> > contact feedme@clean-news.org by email. You will receive in
> > response an automated email detailing how to obtain a direct
> > feed of the clean-news cancels.
> >
> > Note that this feed is rather low in volume - while it emits
> > MANY cancels, they are small articles. You MUST BE able to
> > keep up with this feed - the feed software will NOT keep
> > articles for more than a few hours before it "junks" them.
> > The feed will come to you via a Diablo feed system and is
> > UNIDIRECTIONAL. Attempting to connect back to the Diablo
> > machine will fail.
> >
> >4. If you want to pass these cancels on to your PEERS, be advised
> > that some of them may consider this service to be a "bad thing".
> > I recommend, but obviously cannot enforce, that such is noticed
> > to your peers so they may alias out the feed if they do not
> > want it.
> >
> >
> >
> >WHAT DOES THIS MEAN TO POSTERS:
> >
> >1. The use of a valid key creates a *presumption*, but not proof,
> > that the poster really is who they said they are. That is, enough
> > to get a search warrant. If Kiddie Porn shows up with a signature,
> > the TRUSTED SIGNER of the key is determinable. That signer must,
> > to be considered a trusted signer, keep records suitable for
> > interrogation based on a published policy (i.e.: "serve us with a
> > subpoena", etc).
> >
> > The LEO in question then asks the signer for the data, and complies
> > with the policy they have set (which may include obtaining a warrant
> > and/or subpoena). They then get a search warrant for the alleged
> > perpetrator of the transmission, and see if in fact the material
> > in question is being emitted there using standard forensic
> > techniques.
> >
> >2. LEGITIMATE binary posters have nothing to fear. Anonymous binaries
> > get cancelled instantly, as do any which are unauthenticated.
> > Those which ARE authenticated are free to be posted, but your
> > identity is known, it's undeniably yours (since it WAS your private
> > key used to sign the article) and if you post something "naughty"
> > the LEOs have all they need to come after you.
> >
> >
> >
> >WHAT ARE MY RESPONSIBILITIES AS A USER OF THIS SYSTEM WHO SUBMITS A KEY?
> >
> >Your primary responsibility is to PROTECT YOUR PRIVATE KEY. It is
> >*STRONGLY* recommended that you keep this key on a protected, safe,
> >removable device (such as a floppy with write-protect enabled) and NOT
> >let it out of your personal control.
> >
> >If your PRIVATE key is COMPROMISED (i.e.: you lose the disk, you have reason
> >to believe someone has stolen a copy of the key file, etc) you should
> >IMMEDIATELY contact the introducer (the organization or person you had sign
> >the key) *AND* the clean-news system at "revoke@clean-news.org" by email.
> >When you contact the clean-news system, SIGN YOUR REVOCATION REQUEST.
> >DO NOT send anything other than a revocation request to the above address.
> >NOTE THAT REVOCATION OF A KEY IS PERMANENT AND CANNOT BE REVERSED.
> >You should ALSO immediately revoke the key from any other key rings
> >that you may have registered this key with.
> >
> >Note that ANY message signed with your key will be PRESUMED to be issued
> >by you *PERSONALLY*. For this reason you should take EXTREME care with
> >your private key. If it is stolen and used for illicit purposes those
> >transactions will be traced to *YOU*, and you could find yourself under
> >investigation by either civil or criminal authorities for something you
> >have not done.
> >
> >
> >
> >HOW DO YOU REVOKE A KEY IF IT IS COMPROMISED?
> >
> >Keys may be revoked by:
> >
> >1. The person who owns it at any time (i.e.: "I lost my key disk").
> >
> >2. Any LEO who provides an affidavit that said key was used to
> > post copyrighted or otherwise illegal material.
> >
> >3. Any LEO who provides an affidavit that a trusted introducer
> > is not in fact trusted (i.e.: cannot produce the records, or produces
> > false records, regarding a key they signed).
> >
> >4. A trusted introducer may revoke their signature of any person's key
> > that they have signed, in the event they discover that the key does
> > not in fact belong to the person claimed or identification was
> > falsified.
> >
> >When a key is invalidated the owner of the key is notified by email that
> >their key was removed, and why (which of the above categories "happened").
> >
> >A cancelled or revoked key is removed from the key ring, and is treated
> >exactly as if it was never submitted to the system.
> >
> >To revoke a key as the owner of the key, send a PGP-signed request
> >to "revoke@clean-news.org". IF THE REQUEST IS NOT SIGNED OR THE SIGNATURE
> >IS INVALID IT WILL BE IGNORED. Assuming that the signature is good, you
> >will be notified by return email when the revocation is processed.
> >
> >
> >
> >
> >IS THERE A COST FOR THIS?
> >
> >1. Individuals do not pay to list keys. However, INTRODUCERS may
> > charge for signing a key (at their discretion) and maintaining
> > the records necessary to comply with identification requests.
> >
> >2. Systems desiring a *direct* feed may be assessed a small charge
> > to cover the operating expenses of the systems involved. NO CHARGE
> > FOR THE FEED ITSELF IS MADE, NOR FOR THE PROCESSING - ONLY THE
> > TRANSPORT. If you receive a feed of the cancels you are encouraged
> > to propagate it on mutually-agreeable terms to others who are
> > also willing to receive it.
> >
> >
> >
> >WHAT ABOUT PRIVACY ISSUES?
> >
> >1. The records of the clean-news system are EXPLICITLY public.
> > Ergo, submitting a public key to the system constitutes
> > publication of that key, and the fact that it is signed by one
> > or more organizations and individuals. HOWEVER, that, alone, is
> > worthless to an interloper. The email address on the key does NOT
> > have to be valid, nor does the name - it must only map to a unique
> > person at the SIGNER'S location which can be disclosed through
> > their policies. As such, there is no privacy issue on the keyring
> > used by the clean-news system ITSELF.
> >
> >2. Customers and users who have their keys signed by an introducer
> > should make themselves aware of the privacy policies of the signer.
> > IF YOU ARE NOT COMFORTABLE WITH THEIR PROCEDURES AND ASSURANCES, YOU
> > SHOULD USE A DIFFERENT KEY SIGNER!
> >
> >--
> >--
> >Karl Denninger (karl@denninger.net) http://www.mcs.net/~karl
> >I ain't even *authorized* to speak for anyone other than myself, so give
> >up now on trying to associate my words with any particular organization.
> >
> >
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Plain Aviation, Inc dean@av8.com
> LAN/WAN/UNIX/NT/TCPIP http://www.av8.com
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
======================================================================
Derek J. Balling | "Bill Gates is a monocle and a white
dredd@megacity.org | fluffy cat from being a villain in the
http://www.megacity.org/ | next Bond film." - Dennis Miller
======================================================================
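A news-admin-side filter for the two conventions the quoted Clean-News description lays out (the emitting site "clean-news" in the Path, and synthetic cancels whose Message-ID is "cancel." prepended to the target's), written here as an added illustration and not code from Karl, Jeff, Dean or Derek. The sample article and the alias set are constructed assumptions; the header names are standard Usenet ones.

```python
import re

# Constructed sample of a synthetic cancel as the quoted text describes it:
# Control: cancel <target>, Message-ID "cancel." + target, "clean-news" in Path.
SAMPLE_CANCEL = """\
Path: news.example.net!clean-news!not-for-mail
From: cleaner@clean-news.example (Clean-News)
Newsgroups: alt.binaries.example
Subject: cmsg cancel <abc123$xyz@poster.example>
Control: cancel <abc123$xyz@poster.example>
Message-ID: <cancel.abc123$xyz@poster.example>

binary not signed by a registered key
"""

# Site names an admin has "aliased out" (assumed list): any article whose
# Path already carries one of these is refused, as the quoted text suggests.
ALIASED_SITES = {"clean-news"}


def parse_headers(article):
    """Split a Usenet article into a header dict (lower-cased names) and body."""
    head, _, body = article.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def cancel_target(headers):
    """Target Message-ID of a cancel control message, or None if not a cancel."""
    m = re.match(r"cancel\s+<([^>]+)>", headers.get("control", ""))
    return m.group(1) if m else None


def is_synthetic_cancel(headers):
    """True when the cancel follows the NOCEM-style 'cancel.' Message-ID convention."""
    target = cancel_target(headers)
    return target is not None and headers.get("message-id") == "<cancel.%s>" % target


def decide(article, aliased=ALIASED_SITES):
    """Return (action, reason): 'refuse' if an aliased-out site is in the Path,
    'third-party-cancel' if it is a synthetic cancel we would otherwise honor,
    'accept' for anything else."""
    headers, _ = parse_headers(article)
    hit = sorted(set(headers.get("path", "").split("!")) & set(aliased))
    if hit:
        return "refuse", "aliased-out site in Path: " + hit[0]
    if is_synthetic_cancel(headers):
        return "third-party-cancel", cancel_target(headers)
    return "accept", None
```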