Path: csiph.com!eternal-september.org!feeder.eternal-september.org!aioe.org!.POSTED!not-for-mail From: David Hume Newsgroups: aioe.system Subject: Re: A small poll Date: Sun, 29 Nov 2015 18:53:55 +0000 Organization: Haphazard Lines: 16 Message-ID: <848u5g7i2k.fsf@example.com> References: <84wpt3a39p.fsf@example.com> NNTP-Posting-Host: 52+pFfWrGR5AmW7Rb68DcA.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain X-Complaints-To: abuse@aioe.org User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) X-No-Archive: Yes X-Notice: Filtered by postfilter v. 0.8.2 Cancel-Lock: sha1:naP9eRSO3qUNLybhTQrcOMtJKAY= Xref: csiph.com aioe.system:53 Paolo Amoroso writes: > Il 27/11/2015 16:08, David Hume ha scritto: >> >> The ability to cancel posts. >> > > without authentication server can't verify whether an article was sent by the > one who try to cancel it. > Ok well it was just an idea. Here is another idea: Suppose you hid the cancel-lock header on all the articles, and required it to match in order to cancel a post. Then in order for someone else to cancel my post they would have to know my cancel-lock which would be impossible to find out or guess. Would that work?