The PGP Moose - Implementation and Experience
Greg Rose
Qualcomm Australia
Abstract
USENET news traffic is growing exponentially, at a rate only
barely less than the World Wide Web. Many observers believe that
moderated newsgroups are the way of the future, to keep content
high quality and avoid advertising. However there is essentially
no security enforced on moderated newsgroups, and only a very small
chance that decent security could be integrated into the framework
itself.
The PGP Moose is free software, which attempts to address this
situation. The aim of this software is to monitor the news
postings of moderators of Usenet newsgroups, and to automatically
cancel forged messages purporting to be approved. This software and
protocol is designed around cryptographic signatures. The protocol
is designed to allow the use of different signature techniques. The
current implementation assumes the use of PGP [1] (Pretty Good
Privacy) signatures, but can be easily modified to use others, such
as the Digital Signature Standard or MD5. PGP was chosen for its
widespread availability around the world.
Since first being made available a few months ago, the PGP
Moose has been placed in control of a number of newsgroups in the
USA, Germany and Australia. It is also used by a few individuals,
particularly in Germany. Other solutions to the same problem are
also in limited use.
In this paper I examine the history and implementation of the
PGP Moose, and some of the problems with its deployment and
debugging.
View the full text of this paper in
ASCII (29,627 Bytes) and
POSTSCRIPT (495,509 Bytes) form.
To Become a USENIX Member, please see our
Membership Information.
Need help? Use our Contacts page.
Conference Index