Joe:
Some mail lists are configures to add a suffix to the message. Others, like
this one, do not.
Adding a suffix changes the content, and that action is guaranteed to break a
signature.
Russ
On Jun 2, 2015, at 9:44 AM, Joe Abley wrote:
Hi all,
All this "HTTPS everywhere" mail collided for me this morning with a similar
avalanche of press about Facebook's freshly-announced use of PGP:
https://www.facebook.com/notes/protecting-the-graph/securing-email-communications-from-facebook/1611941762379302
Mail to public mailing lists can already be signed (like this one is). It'd
be nice if mailman didn't MITM the signed content, so that the signature can
be validated. (Perhaps it will; I will find out after I hit send.) There's
lots of other mail from individuals to closed groups like the IAB and the
IESG and from IETF robots to individuals that *could* be encrypted, or at
least signed. There is work here that *could* be done.
If the argument that we should use HTTPS everywhere (which I do not disagree
with) is reasonable, it feels like an argument about sending encrypted e-mail
whenever possible ought to be similarly reasonable. Given that so much of the
work of the IETF happens over e-mail, a focus on HTTP seems a bit weird.
Note that this is not an attempt to start a conversation about whether PGP is
usable, or whether S/MIME is better. I will fall off my chair in surprise if
it doesn't turn into one, though.
Joe
smime.p7s
Description: S/MIME cryptographic signature