> I think the moment is coming where we should think about using those
> interesting GPG keys for something more than "just" signing releases.

S/MIME certificates are acquired, e.g., from Thawte, just as you would an
SSL certificate. There are root Certificate Authorities, just as for HTTPS.
Any good mail client has built-in support. Thawte certificates are free,
although they have limited verification until you start to get signed by
Thawte notaries (another web-of-trust concept).

> Is there any way, for instance, to allow messages signed by Apache
> committers to pass through to any public Apache list unmoderated?

How do you propose getting a critical mass of signed mail, and what do you
want to do in the meantime with unsigned mail from a subscriber?
The mail server would need everyone's public key to verify the signatures.
But how does that solve the problem? Are you going to require *ALL*
messages to be signed?
Mind you, I've been saying for years that, because of spam, e-mail anonymity
is going to die. All messages will be required to be digitally signed, or
will be considered spam a priori. So your view does not bother me in the
slightest, but other people consider that there is a right to send anonymous
e-mail. I agree. I'd just mark it as spam. But until S/MIME is the
accepted norm, rather than the exception, I don't see that it offers a
solution.
--- Noel