[INN] #33: Support Cancel-Lock
INN
rra at stanford.edu
Sun Dec 14 07:14:54 UTC 2008
#33: Support Cancel-Lock
-------------------------+--------------------------------------------------
Reporter: eagle | Owner: eagle
Type: enhancement | Status: new
Priority: low | Milestone:
Component: general | Version:
Severity: wishlist | Keywords:
-------------------------+--------------------------------------------------
Cancel-Lock was a draft for a way to authenticate cancels
cryptographically, the idea being that all articles would contain
challenges that could only be met by the person knowing the original
challenge secret. A cancel would then only be honored if it had the
answer to the challenge in the article.
Abuse of cancels has dropped considerably and the Cancel-Lock protocol
never made it to an RFC, but it may still be worth looking at supporting
this in INN.
The first attached approach is from Andreas Barth. It has the following
features:
* A user can only post cancels for articles that are local posted or were
originally generated and canceled by a cancel-lock enabled newsreader. The
administrator may however allow users in readers.conf to post cancels for
every article.
* The patch adds just a very small burden on accepting articles and
cancels with post and almost no burden at all for transferring articles.
* Any news system could detect whether a cancel for an article
originating at your site is fraud.
The patch does the following:
* if a article is posted, - unless existing - a user cancel lock is
added, and always an admin cancel lock is added.
* if a cancel (oder supersedes) is posted, a user cancel key is always
added. Now it is checked, whether one of the keys matches one of the
locks. If yes, the cancel is accepted. The cancel is also accepted, if the
original article is (no longer) available, or the original article has no
lock and was posted before a given time (to allow for the transition
periode). Otherwise, the cancel is rejected.
You must also create the files /etc/news/canlock.def and
/etc/news/canlock.adm and fill them with any characters (but please use
printable characters, that makes the live of fgets easier). The patch
needs some polishing before inclusion, especially review and removing of
the fixed path for the secret files.
Also attached is another approach. Both require the libcanlock library,
also attached.
--
Ticket URL: <http://inn-new.eyrie.org/trac/ticket/33>
INN <http://www.eyrie.org/~eagle/software/inn/>
InterNetNews
More information about the inn-bugs
mailing list