Brad Templeton | 1 Oct 1998 21:01
Re: Identification of moderators via challenge/response

On Thu, Oct 01, 1998 at 02:06:59PM +0000, Charles Lindsey wrote:
> In <ylr9wwyjhv.fsf <at> windlord.stanford.edu> Russ Allbery <rra <at> stanford.edu> writes:
> 
> >Cancel locks are designed to determine if the author of a second message
> >is the same as the author of a first message, yes?  So suppose a newsgroup
> >moderator posted a message with something that was equivalent to a cancel
> >lock, probably as a named article, and then in every subsequent message to
> >the group included a header that contained the equivalent of the cancel
> >key for that lock.

I forgot to mention the other major problem in this system.  It is subject
to man-in-the-middle attacks.

Once the moderator makes a posting using one of the keys they previously
published, they in effect reveal that key.  This allows a man-in-the-middle
to discard the article the moderator posted, and replace it with something
else, now that they know the unlocking key.

As noted, on USENET, a "man in the middle" can be somebody with a program
running on the moderator's ISP or other close site, who then quickly
logs into other ISPs and injects their own article once they find out the
key.  They don't have to be a site owner.

The cancel lock is of course "subject" to this attack in that posting the
cancel reveals the key.  But there is no harm, because all you can do with
the key is cancel the article, and the author wanted that in the first
place.
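
Added example, not part of the original message: a minimal Python sketch of the check a receiving site could make under the lock/key scheme discussed above, showing that the check never involves the article body. The `Mod-Key` header name, the SHA-1/base64 lock format and all sample values are assumptions constructed for illustration.

```python
import base64
import hashlib


def make_lock(key: bytes) -> str:
    """Value published in advance: a hash commitment to the secret key."""
    return base64.b64encode(hashlib.sha1(key).digest()).decode()


def site_accepts(article: dict, published_lock: str) -> bool:
    """All a receiving site can verify: the key in the header hashes to the
    previously published lock. The article body plays no part in the check."""
    key = article.get("Mod-Key", "").encode()
    return make_lock(key) == published_lock


# Constructed sample data (hypothetical header name and key).
SECRET = "constructed-sample-key"
LOCK = make_lock(SECRET.encode())

# The moderator's real posting; sending it discloses SECRET to anyone on the path.
original = {"Mod-Key": SECRET, "Body": "Approved post from the moderator."}
# Same key copied onto text the moderator never wrote.
substituted = {"Mod-Key": SECRET, "Body": "Text the moderator never wrote."}
# An article from someone who has not yet seen the key.
wrong_key = {"Mod-Key": "guess", "Body": "Text from someone without the key."}


def demo() -> dict:
    """Verification result for each constructed article."""
    return {
        "original": site_accepts(original, LOCK),
        "substituted": site_accepts(substituted, LOCK),
        "wrong_key": site_accepts(wrong_key, LOCK),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: accepted={accepted}")
```

The lock keeps out anyone who has not seen the key, but once the key has appeared in a posting the check cannot tell the moderator's article from any other article carrying it.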

