ietf-822

Re: Draft for signed headers

1999-03-18 12:44:17
On Thu, Mar 18, 1999 at 01:37:54PM +0000, Charles Lindsey wrote:
If it is laudable, then we should make all reasonable efforts to achieve
it. If the mail gurus don't want to play, then the Usenet people can go it
alone. But even then, we need to make it gateway proof if at all possible.

I don't see how to do this, for reasons including the ones I cited.

It is wrong to expect there is only going to be one certificate space,
and that's what it would take to be 'gateway proof', unless you refer
to gateways that move out of one certificate space into another and back
to the original.

Frankly, such gateways have always been deprecated for USENET and I see
no reason to start having them.  However, any USENET signing scheme, if
simply preserved in the headers, will allow such a re-gateway with safety,
which is better than what we had before!

No. My Draft carefully left it up to each 'application' as to how
certificates were distributed. Insofar as signing Usenet Control messages
is an application (the main/only one on the table so far) then we may well
define an infrastructure for that purpose. In the absence of specific
applications, people will presumably have to get certificates from the
usual PGP servers and decide for themselves how much of the web-of-trust
to believe.

I don't see how that could work in any efficient manner.  Can you describe
how?

The whole idea of certificates is you *don't* distribute them.  You don't
fetch them from servers.   USENET can't operate as I know it today
if you need to go off to remote servers to process a message.

The whole reason to use certificates is to avoid that.   So that every
message contains, within itself, the means to verify it using only one
of a small set of well known keys that everybody will have on hand or can
get immediately.

You have to distribute those keys, but they are such a small set that it
can even be done manually if need be (though it's nice to work out automated
systems.)


That is a messy solution to be avoided if possible. Nevertheless, my draft
makes provision for that where necessary.

The problem is that you don't want people posting messages you can't
verify, and if you post a message, you want to be sure everybody can
verify it.  If you let people post a message using keys and certificates
from the E-mail certificate world, you are in effect saying all USENET
sites have to understand E-mail certificates.   Or those of any other world
we will allow in.

And right now the rest of the certificate world is gravitating to X.509 which
is really not suitable for USENET.