[INN] #33: Support Cancel-Lock

INN rra at stanford.edu
Sun Dec 14 07:14:54 UTC 2008


#33: Support Cancel-Lock
-------------------------+--------------------------------------------------
 Reporter:  eagle        |       Owner:  eagle
     Type:  enhancement  |      Status:  new  
 Priority:  low          |   Milestone:       
Component:  general      |     Version:       
 Severity:  wishlist     |    Keywords:       
-------------------------+--------------------------------------------------
 Cancel-Lock was a draft for a way to authenticate cancels
 cryptographically, the idea being that all articles would contain
 challenges that could only be met by the person knowing the original
 challenge secret.  A cancel would then only be honored if it had the
 answer to the challenge in the article.

 Abuse of cancels has dropped considerably and the Cancel-Lock protocol
 never made it to an RFC, but it may still be worth looking at supporting
 this in INN.

 The first attached approach is from Andreas Barth.  It has the following
 features:

  * A user can only post cancels for articles that are locally posted or were
 originally generated and canceled by a cancel-lock enabled newsreader. The
 administrator may however allow users in readers.conf to post cancels for
 every article.

  * The patch adds just a very small burden on accepting articles and
 cancels with post and almost no burden at all for transferring articles.

  * Any news system could detect whether a cancel for an article
 originating at your site is fraudulent.

 The patch does the following:

  * if an article is posted, - unless existing - a user cancel lock is
 added, and always an admin cancel lock is added.

  * if a cancel (or supersedes) is posted, a user cancel key is always
 added. Now it is checked whether one of the keys matches one of the
 locks. If yes, the cancel is accepted. The cancel is also accepted if the
 original article is (no longer) available, or the original article has no
 lock and was posted before a given time (to allow for the transition
 period).  Otherwise, the cancel is rejected.

 You must also create the files /etc/news/canlock.def and
 /etc/news/canlock.adm and fill them with any characters (but please use
 printable characters, that makes the life of fgets easier). The patch
 needs some polishing before inclusion, especially review and removal of
 the fixed path for the secret files.

 Also attached is another approach.  Both require the libcanlock library,
 also attached.

-- 
Ticket URL: <http://inn-new.eyrie.org/trac/ticket/33>
INN <http://www.eyrie.org/~eagle/software/inn/>
InterNetNews
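
The accept/reject decision described in the ticket, as an added example that is not taken from the attached patches or from libcanlock. It assumes the Cancel-Lock draft's SHA-1 scheme (key = base64 of HMAC-SHA1 over the Message-ID, lock = base64 of SHA-1 over the key text); the function names, secrets and Message-ID are hypothetical, constructed values.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone

def make_key(secret: bytes, message_id: str) -> str:
    """Cancel key: only someone holding the secret can recompute it."""
    mac = hmac.new(secret, message_id.encode(), hashlib.sha1).digest()
    return "sha1:" + base64.b64encode(mac).decode()

def make_lock(key: str) -> str:
    """Cancel lock: hash of the key text, published in the article itself."""
    scheme, material = key.split(":", 1)   # ValueError if no scheme prefix
    digest = hashlib.sha1(material.encode()).digest()
    return scheme + ":" + base64.b64encode(digest).decode()

def key_opens(key: str, locks) -> bool:
    try:
        candidate = make_lock(key)
    except ValueError:                      # malformed key never matches
        return False
    return any(hmac.compare_digest(candidate, lock) for lock in locks)

def accept_cancel(original, keys, cutoff):
    """original is None when the article is unavailable, otherwise a dict
    with 'locks' (list of str) and 'posted' (datetime). Returns (ok, why)."""
    if original is None:
        return True, "original not available"
    if not original["locks"]:
        if original["posted"] < cutoff:
            return True, "no lock, posted before transition cutoff"
        return False, "no lock, posted after transition cutoff"
    if any(key_opens(k, original["locks"]) for k in keys):
        return True, "key matches lock"
    return False, "no key matches any lock"

if __name__ == "__main__":
    # Constructed stand-ins for the contents of canlock.def and canlock.adm.
    user_secret, admin_secret = b"constructed-user-secret", b"constructed-admin-secret"
    mid = "<constructed-1@news.example.invalid>"
    cutoff = datetime(2008, 1, 1, tzinfo=timezone.utc)
    # On posting: a user lock and an admin lock are both added to the article.
    article = {"posted": datetime(2008, 12, 14, tzinfo=timezone.utc),
               "locks": [make_lock(make_key(user_secret, mid)),
                         make_lock(make_key(admin_secret, mid))]}
    print(accept_cancel(article, [make_key(user_secret, mid)], cutoff))
    print(accept_cancel(article, [make_key(b"forger-guess", mid)], cutoff))
    print(accept_cancel({"posted": article["posted"], "locks": []}, [], cutoff))
```

Because the lock is derived from the Message-ID and published with the article, any site that sees both the article and the cancel can run the same comparison without knowing the secret.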

