pgpmoose
pgpmoose is a standard by which all valid messages in a moderated Usenet newsgroup are signed with a specific PGP/GPG key. All messages that appear in the group without a valid signature from that pgpmoose key are therefore invalid and assumed to be forged, and should be automatically removed from the newsgroup.
The pgpmoose project was started by Greg Rose, and is documented here. It is currently maintained by Tim Skirvin.
Mailing Lists
There are currently two mailing lists for pgpmoose-related traffic:
- pgpmoose@lists.big-8.org - run by the Big-8 Management Board.
- pgp-moose@ornl.gov - less maintained, but older members are still present.
pgpmoose tools
Moderators
With regard to pgpmoose, the primary job of the moderator is to sign all posts that are posted to the group. After that, it is the moderator's responsibility to ensure that the group is being monitored by a pgpmoose administrator, and that news administrators honor the directives of those pgpmoose administrators.
Writing a new Moderation Bot
The easiest way to sign your posts with pgpmoose is to use the sign_pgpmoose() function in News::Article.
A simple verification script is available here, based on News::Article::Cancel (also available through CPAN).
STUMP and other old Moderation Bots
If you would like drop-in support for modern pgpmoose checking scripts using GPG, you can download replacement pmapp and pmcheck scripts here.
News Administrators
The responsibility of the news administrator is simply to honor the proper directives of the pgpmoose administrators. There are three means of doing this automatically: cancels, NoCeMs, or custom on-spool technologies.
Cancels
The easiest (and least secure) way of following the directives of the pgpmoose moderators is to simply enable third-party cancels on your server. This is risky, as doing so opens up additional forms of cancel attacks. For more information, please see the Cancel Messages FAQ.
NoCeMs
A more secure but more difficult to configure method of protecting your moderated groups is NoCeM. As described here:
NoCeM [...] is a protocol enabling authenticated third parties
to issue notices which site administrators can use to delete unwanted
articles from their news spool, or which end users can use as a
'third-party killfile'. It is intended to eventually replace the protocol
for third-party cancel messages. Other kinds of application are also
possible.
In this case, NoCeM messages are issued for articles that fail the pgpmoose check.
Tim Skirvin issues and signs NoCeM messages based on pgpmoose signatures for groups that he monitors. If you are interested in following these NoCeM messages, or in signing up to have a group watched, details are here.
On-Spool Techniques
There are currently no on-spool software packages to verify pgpmoose signatures. If you are interested in writing one, please contact Tim.
pgpmoose Administrators
Software to cancel posts and/or issue NoCeMs is available here. Please warn the pgpmoose mailing list if you are moderating a new group!