Mr. Salz:

despite mr dukhovni's assertion that spam is not a problem and that people that are concerned about it are a problem, i contend that the seeming laxness of list controls is the core problem and spam is just an indicating vector. to wit:

'/List membership is not public/' which may be true until someone busts into the list and becomes privy to all of the personal data of posters. such intrusions will continue until someone addresses these breaches for what they are: security lapses.

'/Only members can post to the list/' is obviously not true when the same party which has prompted this thread posted to the list twice in a short time-frame (and this has happened before) from IPs without rDNS, from a bogus email/domain, and via an unknown MTA. these glitches can be easily caught in postfix when it is set up with a pretty minimalist approach to security.

my comment re aliases goes to the concern that a list that is all about HTTP/SMTP security and identity surety is freely dispersing so much personally identifiable subscriber information (PII) that is of such a high order of sensitivity that it is protected under U.S. Title XIII with parallel Canadian codes, even more stringent EU reg's such as 'Directive 95/46/EC' and the newly-enacted 'General Data Protection Regulation' ('GDPR'), and some EU Member regulations with stronger protections than those embodied in 95/46/EC (such as Nederland 'Wet bescherming persoonsgegevens' and UK 'Data Protection Act' amongst others).

in reality, openssl has no choice but to eventually comply with GDPR which would prohibit what is currently being done. so, it would be best to just get on with adapting all openssl systems to meet higher ethical and regulatory standards before they are embarrassingly imposed or, much worse, be shown to have operated in such a way that system breaches at subscriber firms could be traced back to openssl.


Thank you,

Johann v. Preußen


On 2016.Apr.19 19:03, Salz, Rich wrote:
> > the wider problem case is how non-subscribers are given two-way access to the
> > list that exposes so much subscriber info (name, professional affiliation,
> > email addr, ...) to whomever. i cannot fathom why the list does not make use of
> > aliases so that each subscriber can control what they want to make public via
> > their alias profile.
>
> List membership is not public.  Only members can post to the list.  Not sure
> what else you think we are doing wrong.


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users