Opened 11 years ago

Last modified 3 years ago

#33 new enhancement

Support Cancel-Lock

Reported by: eagle
Owned by: eagle
Priority: low
Milestone: 2.6.x
Component: general
Version:
Severity: wishlist
Keywords: compliance
Cc:

Description

Cancel-Lock was a draft for a way to authenticate cancels cryptographically, the idea being that all articles would contain challenges that could only be met by the person knowing the original challenge secret. A cancel would then only be honored if it had the answer to the challenge in the article.

Abuse of cancels has dropped considerably and the Cancel-Lock protocol never made it to an RFC, but it may still be worth looking at supporting this in INN.

The first attached approach is from Andreas Barth. It has the following features:

  • A user can only post cancels for articles that are locally posted or were originally generated and canceled by a cancel-lock enabled newsreader. The administrator may however allow users in readers.conf to post cancels for every article.
  • The patch adds just a very small burden on accepting articles and cancels with post and almost no burden at all for transferring articles.
  • Any news system could detect whether a cancel for an article originating at your site is fraud.

The patch does the following:

  • If an article is posted, - unless existing - a user cancel lock is added, and always an admin cancel lock is added.
  • If a cancel (or supersedes) is posted, a user cancel key is always added. Now it is checked whether one of the keys matches one of the locks. If yes, the cancel is accepted. The cancel is also accepted if the original article is (no longer) available, or the original article has no lock and was posted before a given time (to allow for the transition period). Otherwise, the cancel is rejected.

You must also create the files /etc/news/canlock.def and /etc/news/canlock.adm and fill them with any characters (but please use printable characters, that makes the life of fgets easier). The patch needs some polishing before inclusion, especially review and removing of the fixed path for the secret files.

Also attached is another approach. Both require the libcanlock library, also attached.

Attachments (3)

nnrpd-cancel-lock.patch (10.6 KB) - added by eagle 11 years ago.
Patch against INN 2.3.5
canlock.tar.gz (19.0 KB) - added by eagle 11 years ago.
Another Cancel-Lock patch (older)
libcanlock.tar.gz (35.6 KB) - added by eagle 11 years ago.
libcanlock library
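
The lock/key check and the acceptance rules from the description, as an added Python sketch (not code from the attached patches or from libcanlock). It assumes the construction from the Cancel-Lock draft, where the key is base64(HMAC(secret, Message-ID)) and the lock is base64(hash(key)); the secrets, Message-IDs, cutoff time and function names are constructed for illustration, with the two secrets standing in for the contents of canlock.def and canlock.adm.

```python
import base64, hashlib, hmac

SCHEMES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}  # assumed scheme names

def make_key(secret: bytes, message_id: str, scheme: str = "sha1") -> str:
    """Cancel-Key element: scheme:base64(HMAC(secret, Message-ID))."""
    mac = hmac.new(secret, message_id.encode(), SCHEMES[scheme]).digest()
    return scheme + ":" + base64.b64encode(mac).decode()

def lock_for(key: str) -> str:
    """Cancel-Lock element: scheme:base64(hash(key text)); one-way, so it can be published."""
    scheme, _, text = key.partition(":")
    digest = SCHEMES[scheme](text.encode()).digest()
    return scheme + ":" + base64.b64encode(digest).decode()

def add_locks(article: dict, user_secret: bytes, admin_secret: bytes) -> dict:
    """Posting: add a user lock unless the client sent one; always add the admin lock."""
    mid = article["Message-ID"]
    locks = article.get("Cancel-Lock", "").split()
    if not locks:
        locks.append(lock_for(make_key(user_secret, mid)))
    locks.append(lock_for(make_key(admin_secret, mid)))
    return {**article, "Cancel-Lock": " ".join(locks)}

def cancel_allowed(keys: list, original, cutoff: int) -> bool:
    """Cancel or Supersedes: apply the acceptance rules listed in the description."""
    if original is None:                  # original article (no longer) available
        return True
    locks = original.get("Cancel-Lock", "").split()
    if not locks:                         # lockless article: only during the transition period
        return original["posted"] < cutoff
    for key in keys:
        if key.partition(":")[0] not in SCHEMES:
            continue                      # unknown scheme can never match
        candidate = lock_for(key).encode()
        if any(hmac.compare_digest(candidate, lock.encode()) for lock in locks):
            return True
    return False

# Constructed sample data (not real secrets or articles)
USER, ADMIN = b"user-secret-constructed", b"admin-secret-constructed"
CUTOFF = 1_100_000_000
ART = add_locks({"Message-ID": "<1@news.example>", "posted": CUTOFF + 60}, USER, ADMIN)

if __name__ == "__main__":
    print(ART["Cancel-Lock"])
    print(cancel_allowed([make_key(USER, ART["Message-ID"])], ART, CUTOFF))
```

Because the key is derived from the Message-ID, a key observed in one cancel does not unlock any other article, and any site holding the original article can recompute the lock from the presented key without knowing the secret.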


Change History (7)

Changed 11 years ago by eagle

Attachment: nnrpd-cancel-lock.patch added

Patch against INN 2.3.5

Changed 11 years ago by eagle

Attachment: canlock.tar.gz added

Another Cancel-Lock patch (older)

Changed 11 years ago by eagle

Attachment: libcanlock.tar.gz added

libcanlock library

comment:3 Changed 11 years ago by Julien ÉLIE

Keywords: compliance added

comment:4 Changed 3 years ago by Julien ÉLIE

Milestone: 2.6.x