Path: utzoo!mnetor!uunet!epiwrl!epimass!jbuck From: jbuck@epimass.EPI.COM (Joe Buck) Newsgroups: news.admin Subject: Forgeries: a suggestion for bringing them under control Message-ID: <1861@epimass.EPI.COM> Date: 24 Jan 88 21:55:02 GMT Organization: Entropic Processing, Inc., Cupertino, CA Lines: 41 Lately, the net has suffered because of a rash of forgeries. Controversial posters such as Mark Ethan Smith and Matt Weiner have been the main victims so far, and I know that neither of these people is wildly popular with news administrators, but the latest incident -- a forged newgroup message pretending to be from Gene Spafford -- should give us all pause. If we don't stomp hard on this now, the net will never be the same again. One of the things I like about the net is the ability to get the definitive word from somebody like Dennis Ritchie. If the current trend continues, you'll no longer have any confidence whether that was the real Dennis Ritchie or an imposter. And the flame wars will be endless. Some suggested administrative steps: 1) If you get caught forging a message impersonating another poster, except for April Fool's day which we'll continue to allow as a day to fool around a bit, you're off the net, forever. Sites not enforcing this rule (after being asked to) lose their feed. I don't see how anything less than the net equivalent of the death penalty is going to suffice considering how hard it is to catch someone. 2) If a knowledgeable news administrator sees a message with a forged Approved: header or other such shenanigans, that news administrator can (and should be encouraged to) issue a forged Cancel message, but the text of the cancel message should contain the true name of the person doing this and an explanation of why it's being done. 3) We all make a more concerted effort to track down forgeries and then apply rule #1. I had an idea for a partial software solution that would just install checks at backbone sites (bypassing the problem of getting everyone to update their software) but it requires more thought. The idea would be that there are "registered users" who have keys distributed to all the backbone sites, and articles from, or approved by, these users would be checked, and rejected if the check fails. This would prevent forgeries from propogating beyond the backbone. If I ever get it cleaned up I'll propose it. -- - Joe Buck {uunet,ucbvax,sun,}!epimass.epi.com!jbuck Old Internet mailers: jbuck%epimass.epi.com@uunet.uu.net