On 25/03/2016 19:44, Walter Bright wrote:
No, there is another shortcoming of NNTP that is innate: it doesn't
require an
account / authentication, anyone can post without registering, emails
accounts
can be spoofed, etc.
It's actually pretty easy to add a field with a crypto hash in it, and
have the NNTP server reject postings without the hash, and then supply
the hash only with validated account creation.
There's a scheme out there that does something like this for PGP key
signing.
Yeah, but how many NNTP clients would support that? Certainly one could
build this feature on top of NNTP, but then it would not be pure NNTP
anymore, and I guess it would break many clients, no?
--
Bruno Medeiros
https://twitter.com/brunodomedeiros
