Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!plaid!chuq From: chuq@plaid.Sun.COM (Chuq Von Rospach) Newsgroups: news.admin Subject: Re: Forgeries: a suggestion for bringing them under control Message-ID: <39832@sun.uucp> Date: 25 Jan 88 04:28:48 GMT References: <1861@epimass.EPI.COM> Sender: news@sun.uucp Reply-To: chuq@sun.UUCP (Chuq Von Rospach) Organization: Fictional Reality, uLtd Lines: 87 >And the flame wars will be endless. Some would claim they already are, but that's beside the point. >Some suggested administrative steps: >1) If you get caught forging a message impersonating another poster, >except for April Fool's day which we'll continue to allow as a day to >fool around a bit, you're off the net, forever. Sites not enforcing >this rule (after being asked to) lose their feed. Um, this nice, but how to you plan on enforcing it? You going to fly out and personally dismember their modem? (that, by the way, would be a criminal act. I don't condone it, even when justified). You going to hold your breath and turn blue until they do what you want? This even assumes that you can figure out who did it, which I'll claim isn't likely, and be able to prove it to someone in authority, which I'll claim is even sillier -- and you can find someone in authority who cares. >2) If a knowledgeable news administrator sees a message with a forged >Approved: header or other such shenanigans, that news administrator >can (and should be encouraged to) issue a forged Cancel message, but >the text of the cancel message should contain the true name of the >person doing this and an explanation of why it's being done. This assumes, of course, that the forged header doesn't also have the forged real name and the forged real explanation.... But then, we're expecting the forgers to play by the rules and do things that we can track down, like putting their names and phone numbers in the forged message. Here's an alternate set of rules I think is more workable. 1) All forged messages should have the name of the forger in them. They should have the word 'forgery' somewhere in the subject line. 2) All people who commit forgery will place a large, green and purple star on their forehead, so when we see them at usenix we'll know not to talk to them. 3) Any priest who hears of a Usenet forgery in confession shall immediately break his vows and post such knowledge to the net so the backbone can take appropriate action. 4) Forgers, in appropriate action, shall have their fingers cut off at the second knuckle, but only those fingers that it can be proven were used to type the actual message (you can do this by seeing what letters are in the message and what fingers caused them to be typed -- there is no reason to punish an innocent pinky, you know.) 5) Most important, sane, decent, mature people won't forge, because it's a stupid, immature and childish thing to do. The rest we have to live with, since Usenet is insecure and non-securable. 6) Folks who come up with plans to fix Usenet should look at the practicality and implementability of them (and realize that, since the net is going on 10 years old, and realize that since these problems aren't new, believe it or not, if there were simple, implementable plans to fix some of these problems, they would have been thought of and implemented before now). And, Joe, before you decide that I'm being exceptionally hard-ass at you, I'll just say that I've seen this proposal before many times. I've made it once, long ago. The practical reality of Usenet is that we tried a policy of getting malfunctioning sites off the net, and it's unenforcable. We're lucky to be able to FIND malfunctioning sites, much less someone in charge of them or someone upstream of them -- and the reality is, the upstream folks know they're malfunctioning, and don't care. Trying to track down and prove forgery is infinitely harder than that, and the upstream folks will STILL not care. It don't work. Unless you want to come up with a secure Usenet (and I've tried, and the security holes are a little too endemic in the design of the software -- to do it would require major changes in the transport layer that would make transferring news quite painful, especially at the current volume levels), you'll have to live with the idiots. chuq Chuq "Fixed in 4.0" Von Rospach chuq@sun.COM Delphi: CHUQ What do you mean 'You don't really want to hurt her?' I'm a Super-Villain! That's my Schtick!