Newsgroups: news.admin
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Forgeries: a suggestion for bringing them under control
Message-ID: <1988Feb1.130753.20144@utzoo.uucp>
Keywords: public key, forgery overhead
Organization: U of Toronto Zoology
References: <1861@epimass.EPI.COM>, <317@dsinc.UUCP>
Date: Mon, 1-Feb-88 13:07:42 EST

>   In a future release of the software add a check that each site when
>   receiving forwarded news check that the site prior in the path
>   matches the forwarder.

There are two problems with this.  First, it is not easy for the news
software to determine which site news arrived from; newer versions of uucp
do make some attempt to tell you, but old ones don't.  Second, and much
more fundamental, this thoroughly prevents forgery only if news security
is airtight on *all* machines.  Bearing in mind that would-be forgers
may be on loosely-administered machines (tight security takes effort!),
and that some of them may even be system administrators, there are just
too many potential leaks in this scheme for it to be worth the trouble.
Geoff and I looked at this in connection with moderated groups for C news,
and rejected it.
-- 
Those who do not understand Unix are |  Henry Spencer @ U of Toronto Zoology
condemned to reinvent it, poorly.    | {allegra,ihnp4,decvax,utai}!utzoo!henry