Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
USENIX Tenth System Administration Conference (LISA '96)

The PGP Moose - Implementation and Experience


Greg Rose
Qualcomm Australia

Abstract

USENET news traffic is growing exponentially, at a rate only barely less than the World Wide Web. Many observers believe that moderated newsgroups are the way of the future, to keep content high quality and avoid advertising. However there is essentially no security enforced on moderated newsgroups, and only a very small chance that decent security could be integrated into the framework itself.

The PGP Moose is free software, which attempts to address this situation. The aim of this software is to monitor the news postings of moderators of Usenet newsgroups, and to automatically cancel forged messages purporting to be approved. This software and protocol is designed around cryptographic signatures. The protocol is designed to allow the use of different signature techniques. The current implementation assumes the use of PGP [1] (Pretty Good Privacy) signatures, but can be easily modified to use others, such as the Digital Signature Standard or MD5. PGP was chosen for its widespread availability around the world.

Since first being made available a few months ago, the PGP Moose has been placed in control of a number of newsgroups in the USA, Germany and Australia. It is also used by a few individuals, particularly in Germany. Other solutions to the same problem are also in limited use.

In this paper I examine the history and implementation of the PGP Moose, and some of the problems with its deployment and debugging.


View the full text of this paper in ASCII (29,627 Bytes) and POSTSCRIPT (495,509 Bytes) form.

To Become a USENIX Member, please see our Membership Information.

?Need help? Use our Contacts page.

Last changed: 8 May 2002 aw
Conference Index
USENIX home