Opened 14 years ago
Last modified 7 years ago
#33 new enhancement
Support Cancel-Lock
| Reported by: | eagle | Owned by: | eagle |
|---|---|---|---|
| Priority: | low | Milestone: | 2.6.x |
| Component: | general | Version: | |
| Severity: | wishlist | Keywords: | compliance |
| Cc: |
Description
Cancel-Lock was a draft for a way to authenticate cancels cryptographically, the idea being that all articles would contain challenges that could only be met by the person knowing the original challenge secret. A cancel would then only be honored if it had the answer to the challenge in the article.
Abuse of cancels has dropped considerably and the Cancel-Lock protocol never made it to an RFC, but it may still be worth looking at supporting this in INN.
The first attached approach is from Andreas Barth. It has the following features:
- A user can only post cancels for articles that are local posted or were originally generated and canceled by a cancel-lock enabled newsreader. The administrator may however allow users in readers.conf to post cancels for every article.
- The patch adds just a very small burden on accepting articles and cancels with post and almost no burden at all for transferring articles.
- Any news system could detect whether a cancel for an article originating at your site is fraud.
The patch does the following:
- if a article is posted, - unless existing - a user cancel lock is added, and always an admin cancel lock is added.
- if a cancel (oder supersedes) is posted, a user cancel key is always added. Now it is checked, whether one of the keys matches one of the locks. If yes, the cancel is accepted. The cancel is also accepted, if the original article is (no longer) available, or the original article has no lock and was posted before a given time (to allow for the transition periode). Otherwise, the cancel is rejected.
You must also create the files /etc/news/canlock.def and /etc/news/canlock.adm and fill them with any characters (but please use printable characters, that makes the live of fgets easier). The patch needs some polishing before inclusion, especially review and removing of the fixed path for the secret files.
Also attached is another approach. Both require the libcanlock library, also attached.
Attachments (3)
Change History (7)
Changed 14 years ago by
| Attachment: | nnrpd-cancel-lock.patch added |
|---|
comment:1 Changed 14 years ago by
The draft can be found at http://tools.ietf.org/html/draft-ietf-usefor-cancel-lock-01.
comment:2 Changed 14 years ago by
Another approach by Alexander Bartolich:
http://albasani.net/viewvc.cgi/trunk/lib/Schnuerpel/INN/?root=schnuerpel
Also see (in German):
<news:f683h5$51u$7@news.albasani.net>
<news:f8ffta$dd1$3@news.albasani.net>
comment:3 Changed 14 years ago by
| Keywords: | compliance added |
|---|
comment:4 Changed 7 years ago by
| Milestone: | → 2.6.x |
|---|
Patch against INN 2.3.5