s-o-1036 June 1994

11.3. Anarchy

The  highly  distributed nature of news propagation, and the
lack of adequate authentication  protocols  (especially  for
use  over  the less-interactive transport mechanisms such as
UUCP), make article forgery relatively straightforward.   It
may  be  possible to at least track a forgery to its source,
once it is recognized as such, but clever forgers  can  make
even  that  relatively difficult.  The assumption that forg-
eries will be recognized as such is also not to be taken for
granted;  readers  are notoriously prone to blindly assuming
authenticity.  If  a  forged  article's  initial  path  list
includes the relayer name of the supposed poster's host, the
article will never be sent to that  host,  and  the  alleged
author may learn about the forgery secondhand or not at all.

A particularly noxious form of forgery is the  forged  "can-
cel"  control  message.  Notably, it is relatively straight-
forward to write software that will automatically send out a
(forged)  cancel message for any article meeting some crite-
rion, e.g. written by a specific author.  The authentication
problems discussed in section 7.1 make it difficult to solve
this without crippling cancel's important functionality.

A related problem is the possibility of  disagreements  over
newsgroup  creation,  on  networks where such things are not
decided by central authorities.  There have  been  cases  of
"rmgroup wars", where one poster persistently sends out new-
group messages to create a newsgroup  and  another,  equally
persistently,  sends  out rmgroup messages asking that it be
removed.  This is not particularly damaging, if relayers are

INTERNET DRAFT to be        NEWS                   sec. 11.3


configured  to  be cautious, but can cause serious confusion
among innocent third parties who just want to  know  whether
they can use the newsgroup for communication or not.