Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucsd!ogccse!cvedc!nosun!fpssun!celit!ps
From: ps@fps.com (Patricia Shanahan)
Newsgroups: news.admin
Subject: Re: Can a Newsgroup be Restricted...? (FOLLOW-UP)
Message-ID: <2440@celit.fps.com>
Date: 27 Oct 89 14:48:21 GMT
References: <352@cs.nps.navy.mil> <1989Oct25.162059.28776@utzoo.uucp>
Sender: daemon@fps.com
Reply-To: ps@fps.com (Patricia Shanahan)
Organization: FPS Computing Inc., San Diego CA
Lines: 34

In article <1989Oct25.162059.28776@utzoo.uucp> henry@utzoo.uucp (Henry Spencer) writes:
 >In article <352@cs.nps.navy.mil> jxxl@cs.nps.navy.mil (vibo) writes:
 >>This works like a charm on the news server. However, the catch is that
 >>access cannot be restricted by readers who use NNTP to come over the
 >>net. NNTP currently has no facility for identifying the user...
 >
 >This is actually a generic problem:  there is no reliable authentication
 >over most current networks.  (It's marginally feasible if you control all
 >machines on the network *and* have your gateways to the outside world do
 >fairly paranoid packet filtering, but that combination is rare.)  NNTP
 >per se is not to blame here.
 >-- 
 >A bit of tolerance is worth a  |     Henry Spencer at U of Toronto Zoology
 >megabyte of flaming.           | uunet!attcan!utzoo!henry henry@zoo.toronto.edu

I suspect that any attempt to introduce authentication may be
counter-productive. With the current system, anyone forging messages
to stuff a vote would not feel clever, because it would be so easy
that anyone could do it. If it was not impossible to stuff the
votes, but it took some significant amount of special knowledge and
cleverness to do so, I think it would be much more likely to happen.

This is based on a theory that at least one motive for computer
crime and cheating is a wish to feel clever. People who would not,
for example, destroy books in a library to which they have access
will destroy files in a computer to which they have access.

I do not think it can be made truly impossible to forge votes,
especially if the network is to retain a reasonable degree of
flexibility.
	Patricia Shanahan
	ps@fps.com
        uucp : {decvax!ucbvax || ihnp4 || philabs}!sdcsvax!celerity!ps
	phone: (619) 271-9940