In article <telecom24.589.7@telecom-digest.org>, Tony P.
<nospam.kd1s@cox.nospam.net> wrote:
> Oh it would drive them crazy of all of a sudden public key encryption
> were in use on NNTP groups. Not that pk can't be broken -- it can. It all
> depends on the number of bits in the key.
> [TELECOM Digest Editor's Note: Well, I want the strongest encryption I
> can get for this Digest, if anyone will help me work on it. Maybe I
> will do it for all my web pages, etc. PAT]
What would be the point? If you encrypt it, then no one can read it.
Or everyone can read it. Think about how public key encryption works.
If you encrypt with your private key, then everyone can read it via
your public key. If you encrypt with your public key, then only you
can read it. duh. If you use someone else's public key, then only
those specific people can read it. Not very useful for a newsgroup.
I suppose you could sign the postings, maybe to support automatic
cancelation of spammed postings, but there doesn't seem to be much of
an issue with unauthorized postings lately.
John Meissen jmeissen@aracnet.com
[TELECOM Digest Editor's Note: Well, for a long time what I did was
use a mild form of encryption on the 'approved-by' line on Usenet
for the comp.dcom.telecom newsgroup. It was like 'md5'. My approved-by
line was always created using a group of passwords piped through md5
and then at three other major 'backbone sites' around the USA and
Europe used for Usenet, those three or four News Admininstrators had
the required key on their systems. I did not encrypt the entire
contents of all messages, just the 'approved-by' line. Now those three
or four news admins had phishermen of their own sitting there at the
stream of news as it came along. Those phisher-bots had only one
concern: looking for articles in the news group comp.dcom.telecom
nothing more or less; it is not my concern to monitor other people's
newsgroups. When an article for c.d.t. came long, the phisher-bots
would look it over closely; if it had that md5 encryption and it
was correct, they would toss it back in the stream and let it go on
its way. If the article for c.d.t. did _not_ have the proper
encryption on it the bots would fish it out of the stream and do a
couple things with it. (1) They would send it in _email_ to me to look
at; (2) they would issue a control: cancel on it to be forwarded far
and wide; (3)they would warn the other phisher-bots elsewhere to be on
the look out for it; and (4) they would destroy it entirely without
any word at all to the person who polluted the stream with it to start
with. When I got the email copy of the 'message' I then decided either
to manually approve it and put it back in the stream but most of the
time I pitched it also. I used that system for a couple years back in
the early 1990's and it seemed to work rather well, as long as there
were human beings upstream who knew the (automated) routine. And since
the 'approved-by' encryption line was based on the entire message and
the author's name, etc it was impossible for 'someone' to just take a
sample message and 'cut and paste' the encryption line. I suggested
it would work for almost any newsgroup which required an approved-by
line. I had had a bad seige of spam in c.d.t. about that time, people
would just add crazy 'approved-by' lines and get them though. But my
system brought that almost entirely to a halt, although I did get a
_huge_ amount of worthless junk in my own email, but the newsgroup
stayed mostly clean.
Then I went to my father's funeral for about a week (I lived in
Chicago at the time, he and mother and grandmother lived here in
Independence.) The Digest ran for that week or so on 'autopilot' and
when I came back someone had dismanted the md5 encryption thing
entirely. About that time I had the first of my heart attacks and
a couple 'Usenet gurus' insisted my plan would not work; that it would
take too many resources. It was never explained to my satisfaction why
it would not work, and as for resources it did not take much time to
maintain. But, that was the end of my stream-phisher-bots. I honestly
feel several moderators working together like that could eliminate
most Usenet spam. PAT]
jmeissen@aracnet.com