Daniel Kahn Gillmor writes: > I'm just pointing out that mailman commonly produces what you've > called "invalid data",
In the OpenPGP sense that the whole message cannot be considered to be validly signed, even though it may contain a multipart/signed part with a valid signature. > and that its common production of that "invalid data" is precisely > what this MUA's author cites as something he wants to be able to > validate instead of hiding the main message contents' openpgp > signature entirely. [0] How is that relevant to us? No matter how you slice it, if Mailman does its thing of adding a header or footer, the MUA has to dig into MIME structure and validate a subpart. Sure, in Abhilash's scheme Mailman will be validating the subpart as a service to lazy (?) or anonymous subscribers, but a PUCT[1] will want to double-check that Mailman did what it claims to do. > But producing messages is what mailman does, so maybe we fix the > message-producing mailman wackiness on the mailman list It's *not* wackiness. It's perfectly standard-conforming, and I see no reason why people who currently don't sign messages, and don't want to ask Mailman to do so because the necessary infrastructure is user- hostile, should be punished or be criticized for producing such messages. My point is that I have no objection to trying to create valid messages that will validate correctly on as many MUAs as possible. What I object vehemently to is the idea that what a broken MUA (such as TB-E) does is a valid test of anything Mailman does. Especially not with a broken message. I also have no objection to Mailman lists simply signing everything, so that they can advertise that they do. (OTOH, this is already more or less fulfilled by DKIM, so it's a niche use case.) Footnotes: [1] Paranoid User of a Certain Type. Ie, trusts the author but not the list. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
