On 27 Jan 2024 23:55:23 +1000, noel <delet...@invalid.lan> wrote:
> On Fri, 26 Jan 2024 17:06:05 +0000, Adam W. wrote:
>
>> Only two parties can cancel a post protected with a cancel-lock. One is
>> the author himself, another one is his newsadmin. Are you talking about
>> these scenarios? Someone cancelling all posts he posted, or all posts
>> that were sent using his server?
>
> rogue news admins were a massive problem in 90's, I have no reason to
> believe much has changed.

Could you explain what abuse scenario you have in mind exactly, and
specifically how it relates to cancel-lock?

Sure, a rogue newsadmin can cancel any and all the articles on their
newsserver if they like to. A rogue newsadmin can also try to send rogue
cancels to other servers (the vast majority of which are properly configured,
and will just disregard such rogue cancels).

That is however unrelated to cancel-lock, which allows only the original poster
to cancel only their articles on other news servers which do implement
cancel-lock (i.e. which disregard all incoming cancel messages _except_ the
cancels which have the same crypto-signature as the original post they attempt
to cancel).

Whether the person posted the original article on a newsserver which has
a rogue newsadmin or a good one does not affect cancel-lock functionality
(IOW, the rogue newsadmin cannot pretend to be the original poster and cancel
their posts on servers which implement cancel-lock technology -- only the
original poster can [1]).

See https://www.rfc-editor.org/rfc/rfc8315.html for details.

[1] To avoid nitpicking: the "original poster" meaning "person having access
to private key used to sign the original post, which should be just the
original poster" (and disregarding extreme situations of e.g. someone
holding a gun to your head and asking that you hand over your private
key so they can pretend to be you and cancel your Usenet posts against
your will).

--
Opinions above are GNU-copylefted.
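
An added sketch (not part of the post above, and not code from RFC 8315) of the check a receiving server makes under the RFC 8315 scheme the post links to: the article carries a Cancel-Lock, the cancel carries a Cancel-Key, and the cancel is honoured only if hashing a key element reproduces a lock element. The secret, the Message-ID and the HMAC-based key derivation are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Hash schemes this sketch accepts; anything else is ignored.
SCHEMES = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}


def make_key(secret: bytes, message_id: str) -> str:
    """Per-article key. Assumed derivation: HMAC-SHA256 of the Message-ID
    under a secret known only to the party allowed to cancel."""
    mac = hmac.new(secret, message_id.encode("ascii"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def make_lock(key: str, scheme: str = "sha256") -> str:
    """Cancel-Lock element: scheme:base64(hash(key string))."""
    digest = SCHEMES[scheme](key.encode("ascii")).digest()
    return f"{scheme}:{base64.b64encode(digest).decode('ascii')}"


def parse_elements(header_value: str):
    """Yield (scheme, value) pairs from a Cancel-Lock or Cancel-Key body.
    Header comments (CFWS) are not handled in this sketch."""
    for element in header_value.split():
        scheme, sep, value = element.partition(":")
        if sep and value:
            yield scheme.lower(), value


def cancel_authorized(cancel_lock: str, cancel_key: str) -> bool:
    """True if any key element hashes to any lock element of the same scheme."""
    locks = [(s, v.encode("utf-8")) for s, v in parse_elements(cancel_lock)]
    for scheme, key in parse_elements(cancel_key):
        hash_fn = SCHEMES.get(scheme)
        if hash_fn is None:
            continue  # unknown or disallowed scheme never authorizes a cancel
        candidate = base64.b64encode(hash_fn(key.encode("utf-8")).digest())
        if any(s == scheme and hmac.compare_digest(candidate, v) for s, v in locks):
            return True
    return False


# Constructed sample values, not taken from any real article.
MID = "<constructed.1@news.example>"
LOCK = make_lock(make_key(b"constructed-secret", MID))
GOOD_CANCEL = "sha256:" + make_key(b"constructed-secret", MID)
FORGED_CANCEL = "sha256:" + make_key(b"guessed-secret", MID)
```

A server would run `cancel_authorized` on the Cancel-Lock of the stored article and the Cancel-Key of the incoming cancel, and drop the cancel when it returns False.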