On Wed February 25 2004 11:50, gnulinux(_at_)pacinfo(_dot_)com wrote:
if it's not
too much trouble i do request that you browse through
the rest of my post.
Already deleted, and I can't be arsed to go trash-digging right now.
i am very much wanting dialogue
around the issue of having the list digitally signed
by the list processor.
Okay, my three cents (inflation):
If the folks who actually run the list find themselves a spare moment to
breathe (not likely so soon before or after the meeting in Korea), it
might be fairly easy to implement.
However, what does it gain us? Authentication that the message in
question, was indeed sent via the IETF list. What does THAT gain us?
The ability to separate it out from the spam. (Note also the
assumption that anything sent to, or at least received from, the IETF
list is NOT spam. That may hold for this list, but certainly not for
all.)
On the other claw, using the Sender line for that purpose has been
working just fine for me. (It's forgeable, sure, but I see no sign
that spammers have bothered to do so, and don't think it's likely that
they will in the future.) That's also trivial to set up in any decent
MUA. Same holds for the List-ID, X-Been-There, and other markers used
by most other mailing lists. Most cannot filter so easily (or at all)
on the presence/absence or [in]validity of a digsig. Sure, advanced
tools such as procmail certainly can, but many of us don't even find it
necessary to use such things at ALL yet, and they're awfully difficult
for Joe Luser to set up for his mail from RANDOM-L.
Zero net gain, for at least some (and likely much) additional effort.
Why bother?
--
Dave Aronson, Senior Software Engineer, Secure Software Inc.
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
(Opinions above NOT those of securesw.com unless so stated!)
WE'RE HIRING developers, auditors, and VP of Prof. Services.