Mike, I'm really not trying to argue with you here. I definitely think we
need a non-spoofable way around this. I was trying to point out what I
think is an important use case for how signed mailing list mail can be
handled in the future.
-Rand
On Wed, 27 Oct 2004, Michael Thomas wrote:
Rand Wacker writes:
>
> On Wed, 27 Oct 2004, David Woodhouse wrote:
>
> > The real problem with DK is that it doesn't survive existing mailing
> > lists though -- it is common practice to add a few lines to the bottom
> > of a mail as it's sent to a list, and that practice isn't going to
> > change any time soon. We really need to use an algorithm which allows
> > the recipient to locate the original content and verify it, rather than
> > just breaking.
>
> We should think non-spoofable ways around this , but in the long run, if
> the mailing list changes the message it should re-sign. Hell I'm in favor
> of the mailling list re-signing just because I want to be able to reliably
> whitelist the mail list and not have to whitelist every single person who
> might post to it.
While we're at it, we might make a strong statement about
world hunger too... I'm rather incredulous that people have
such a cavalier attitude about a major and important use of
email: mailing lists. Telling them to have a flag day will
be about as successful as telling anybody else to have a
flag day. Our goal is to be success here, right? Major
breakage on trivially common cases is *not* a success
vector. We can't provide for every mangler out there, but
that doesn't give us license to ignore all of them. If we
get to the 80/20 rule, we've done as best we can. But
ignoring, oh say, Yahoo Groups is just not an option.
Mike