> > How do you propose getting a critical mass of signed mail, and what do
> > you want to do in the meantime with unsigned mail from a subscriber?
> Making life easier for people using them and more difficult for people
> not using them.
> I expected some expert to come out and say "Actually, project
> XYZ in sourceforge does a variant of this, only much better" :-)
The problem is not whether or not some project does it (we've got some new
toys for James that will handle S/MIME operations on the server), but
whether or not we can reasonably expect universal availability without
unduly impacting our general audience. Subscription is an easy one-time
thing.
> > The mail server would need everyone's public key to verify the
> > signatures.
> This looks simple enough, at least for people signing releases.
That would be a few handfuls of people. What about the 1000s of regular
users who subscribe to the lists?
> > But how does that solve the problem? Are you going to require *ALL*
> > messages to be signed?
> The initial "prize" would be something like you don't need to subscribe
> or wait moderation to send
What does this do to stop spam from someone who decides to use your address
as the fake sender? Haven't you ever gotten bounced e-mail because someone
sent spam posing as you? The only way to stop it is to verify each and
every e-mail with an authenticated identity. When no one can send e-mail as
anyone other than themself, then spam will start to stop.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
