... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.misc

General topics about computers not cover

21,759 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 19,798 of 21,759

Rich to Johanne Fairchild

Re: If you were to design a netnews prot

14 Aug 24 03:44:45

   XPost: alt.fan.usenet   
   From: rich@example.invalid   
      
   In comp.misc Johanne Fairchild  wrote:   
   > Richard Kettlewell  writes:   
   >   
   >>> Just a thought experiment:   
   >>> if you could/had to make something like a NNTP 2.0 (with no need for   
   >>> backwards compatibility) and server and client software for it today, what   
   >>> would it be like?   
   >>> In terms of specifications, technologies used, user interface, etc.   
   >   
   > [...]   
   >   
   >>   * All messages signed by author and originating server (supporting   
   >>     reputation management)   
   >   
   > Can you elaborate on this?  You'd like to bind each message to the   
   > author-public-key and his NNTP server?  So that everyone who he is and   
   > which server he used?  (Can you give an example of how you'd do that?)   
      
   One possibility (which would inherit most if not all of the pgp/gpg   
   'key' distribution problem):   
      
   1) each user generates a gpg key pair they use for 'usenet2' posts.   
      
   2) user uploads public key to some "central source" for others to   
      retreive from [1] for 'validation' purposes.   
      
   3) user installs private half of key in their client software   
      
   4) for each post, user's client software 'signs' the message using the   
   private key, inserting the 'signature' into appropriate message   
   'headers' (note, there's a lot left unstated here, I'm spitballing, not   
   protocol designing).   
      
   5) each server also performs step 1 but there may not need to be a step   
   2 for a server /if/ the collective set of servers are the 'central'   
   storage of keys and the protocol has a way to supply a public key for   
   'server/user X' on demand.   
      
   6) for each post, from any user of serverX, serverX further signs the   
   message using the serverX private key and inserts the appropriate   
   message headers containing the "server signature" (note that here one   
   most likely wants this server sig.  to cover [and thus authenticate]   
   the user signature headers of the message).   
      
   The result, is that a recipient, should they choose to do so, can   
   verify that any given message was signed by serverX using the serverX   
   public key, and can further verify that the messge was signed by userX   
   of serverX via the userX of serverX public key.   
      
      
   [1] Do note that the 'central source' could be the collective set of   
   'usenet2' servers, provided there was a way to request the 'key' of   
   user 'X' from server 'Y'.  In which case #2 is "uploads public key to   
   their 'usenet2' server.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]