[118817] in Cypherpunks
Re: {Proposal} alt.lies.scientology
daemon@ATHENA.MIT.EDU (Igor Chudov @ home)
Fri Oct 8 15:59:29 1999
Date: Fri, 8 Oct 1999 14:32:39 -0500
From: "Igor Chudov @ home" <ichudov@Algebra.Com>
To: cypherpunks@Algebra.Com
Message-Id: <slrn7vshmm.ii0.igor@manifold.algebra.com>
Posted-To: alt.config,news.groups
Reply-To: "Igor Chudov @ home" <ichudov@Algebra.Com>
[This message has also been posted.]
Jay Denebeim <denebeim@deepthot.aurora.co.us> wrote:
* In article <38202ff6.586993502@news.eclipsetel.com>,
* D.Maxwell <maxwell@colocateusa.com> wrote:
*
* >I didn't have the original intentions of moderation, but now I do.
* >the software I plan on using is STUMPS.
*
* You arn't seriously considering moderating this group by hand are you?
* A whitelist isn't going to work in this case, they're already forging
* everybodie's name. You'll either need some custom software or hand
* moderation.
STUMP provides an option of accepting only posts digitally signed by PGP.
It can be enforced either for everyone accross the board, or on the
per-poster basis. In other words, a STUMP user can set it up so that no
posts from anyone without a valid PGP signature will ever be approved,
or that posts from certain listed posters will not be accepted unless
they carry a proper signature.
The across the board option is set by WHITELIST_MUST_SIGN=yes option,
and the per-person list is the pgp.must.list.
So, the whitelist will work just fine if the PGP option is used
properly.
This functionality was a part of STUMP from the beginning, as I
specifically considered a threat of forgery/sporgery to be something to be
protected against. Dr. Dimitri Vulis KOTM is an exceptionally intelligent
man who is aprofessional cryptographer, and I had to build my modbot such
that it is mathematically provable that even an exceptionaly intelligent
cryptographer could not circumvent at least some of its communications
and protections. (he also made a few good suggestions during its design)
I personally think that it is a very awesome functionality.
Due to the nature of crypto protection, the very possibility of its
deployment makes forgers/sporgers disinterested in attacking the
newsgroup. So it is possible that he will never need to activate it
if the sporgers know that it is there.
STUMP has a few cryptography-related functions built in, and this one
is one of them. PGPMoose is another.
A word of warning: any cryptographic/password based forgery protection
scheme has a downside: it diminishes "plausible deniability". In other
words, it becomes easier to prove that user xyz@abc.com wrote something.
But, as long as an email address is not linked to a real life identity,
there is no problem. You cannot sue an email adress.
This cryptographic protection scheme works especially neatly with
anonymous remailers and true anonymity, in ways that give anonymous
posters an identity that is separate from their RL identity, or even
their email address, and yet is not spoofable.
----------------------------------------------------------------------------
char*p="char*p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
http://www.algebra.com/~ichudov
