At 04:20 AM 11/1/2004 +0000, John Levine wrote:
The third category [Freeware like Mailman, Sympa, and Majordomo] is most
difficult. People tend to install the freeware packages and forget about
them, so it'll be a challenge to get them to upgrade, unless they're behind a
mailsig-aware MTA that handles the signatures automagically.
I'm a little worried about the mailing lists that are behind a mailsig-aware
MTA, actually.
What should mailing lists do about messages they sent which arrived without a
signature? I can think of 3 options:
1. Block them
2. Accept them and send them to the list without a signature from the list
3. Accept them and sign for the list
I don't expect option 1 will be practical anytime soon.
2 seems promising; it seems only appropriate to sign if the input was signed.
3 sounds like a recipe to dilute the value of the list's signature, and seems
like a good way to get messages signed by the list for use in a subsequent
replay attack. Of course, this would be more reasonable for closed lists.
A mailing list behind a mailsig-aware MTA will tend to behave per option 3 by
default.
-Jim