About Cancels

A number of people have asked about the relationship between this project and spam cancels. IMHO, the point is moot.

I envision unauthenticated cancel messages will rapidly become obsolete, once people start posting menu driven cancelbots. If we want cancels back we'll have to authenticate them.

Taneli Huuskonen first suggested this scheme to me, and I think it's an excellent idea.

For every posted message there is a "Cancel-Key" which is the message-id of the message hashed with a secret password. The MD5 of the cancel-key is the "Cancel-Challenge" which is posted as a header in every post you make. To cancel that post, the cancel message must have a copy of the Cancel-Key in the headers. An admin can configure his news software to add another Cancel-Challenge to the post, if he/she wishes to retain the rights to cancel it. The only people this leaves out in the cold is the moderators-- this does not allow them to protect their newsgroup-- perhaps a public key based system to "prove" moderation will prove necessary, but that will require some MAJOR reworkings of news...

Email: moose@cm.org