Re: [Mailman-Developers] Crypto-sign to post

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 13, 2006, at 2:55 AM, [EMAIL PROTECTED] wrote: > Barry Warsaw writes: > >> I suppose you could also have each mailing list publish a pubkey and >> require that messages be encrypted with that pubkey in order to get >> posted. > > Hey, that's gr

Re: [Mailman-Developers] Crypto-sign to post

--On 11 November 2006 23:03:52 -0500 Barry Warsaw <[EMAIL PROTECTED]> wrote: > > I suppose you could also have each mailing list publish a pubkey and > require that messages be encrypted with that pubkey in order to get > posted. Of course that increases the cycles involved on both ends, > but

Re: [Mailman-Developers] Crypto-sign to post

Hi, >>> I suppose you could also have each mailing list publish a pubkey and >>> require that messages be encrypted with that pubkey in order to get >>> posted. > Now there's something which I'm sure it's a small subset of people would > be interested in, but it would definitely be nice.. the

Re: [Mailman-Developers] Crypto-sign to post

Barry Warsaw writes: > I suppose you could also have each mailing list publish a pubkey and > require that messages be encrypted with that pubkey in order to get > posted. Hey, that's great, we can update RFC 2369 with a List-Pubkey header! I bet Gmane learns to use it within a week after

Re: [Mailman-Developers] Crypto-sign to post

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/06 11:03 PM, Barry Warsaw wrote: > I suppose you could also have each mailing list publish a pubkey and > require that messages be encrypted with that pubkey in order to get > posted. Of course that increases the cycles involved on both e

Re: [Mailman-Developers] Crypto-sign to post

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 9, 2006, at 5:54 AM, Stefan Schlott wrote: > I already received some spam messages including GPG markings. They > were fake, > of course; they were used to fool simple scoring systems (e.g. if > message > contains "BEGIN PGP SIGNED MESSAGE"

Re: [Mailman-Developers] Crypto-sign to post

John W. Baxter writes: > I think all traces of the signature need to be stripped after it is used for > verification (but I could be wrong). This should be an option or at least there should be an easy way to work around it; suppose the message is something like a collection of checksums for a

Re: [Mailman-Developers] Crypto-sign to post

On 11/9/06 2:54 AM, "Stefan Schlott" <[EMAIL PROTECTED]> wrote: > Another possible problem: And yet another problem: the proliferation of different ways to create signed messages, and recognizing them successfully. I could sign messages at least three ways just using Apple's Mail.app: GPG wi

Re: [Mailman-Developers] Crypto-sign to post

On 11/9/06 5:54 AM, Stefan Schlott wrote: > As you mentioned, signing of a message is easy; so it is easy to sign a spam > message, too. The problem is: Which key is used to sign the message, and how > do you determine whether a key belongs to a spammer or to an ordinary user? > The signature alone

Re: [Mailman-Developers] Crypto-sign to post

Re-hi, > I brought this up on the Cairo mailing list recently > > and Carl Worth brought up the idea of a simple option to accept any post > that's cryptographically signed, regardless of subscriber status. I > liked this ide

Re: [Mailman-Developers] Crypto-sign to post

Ian Eiloart writes: > "blindly respond to spam" - respond to email without knowing > whether it's spam. Since I specified "careful filtering", I guess what you're saying is that all mail one wishes to reply to must be read by the responsible human (unless the replybot is owned by the recipient'

Re: [Mailman-Developers] Crypto-sign to post

--On 7 November 2006 12:40:56 +0900 [EMAIL PROTECTED] wrote: > Ian Eiloart writes: > > > This can be useful if enabled for specific domains - for example, we'd > use > it for our own domain. However, if you blindly respond to spam > with > confirmation messages, you'll be generating collate

Re: [Mailman-Developers] Crypto-sign to post

On Tue, Nov 07, 2006 at 12:40:56PM +0900, [EMAIL PROTECTED] wrote: > What "blindly"? As far as I can tell, any autoreponse to spam puts > you at risk from spamcop, no matter how much care you put into inbound > filtering. As does operating any mailing list or website. From my personal experienc

Re: [Mailman-Developers] Crypto-sign to post

Ian Eiloart writes: > This can be useful if enabled for specific domains - for example, we'd use > it for our own domain. However, if you blindly respond to spam with > confirmation messages, you'll be generating collateral spam. That'll > already get you blacklisted with spamcop. What "bl

Re: [Mailman-Developers] Crypto-sign to post

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 6, 2006, at 6:59 AM, Ian Eiloart wrote: > This can be useful if enabled for specific domains - for example, > we'd use > it for our own domain. However, if you blindly respond to spam with > confirmation messages, you'll be generating collate

Re: [Mailman-Developers] Crypto-sign to post

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 5, 2006, at 1:04 PM, Steve Huston wrote: > Having it on by default might be seen as a "back door" to some, but > off > by default means people would have to see the benefits of turning > it on > before they'd do so. Since signed mails are

Re: [Mailman-Developers] Crypto-sign to post

--On 4 November 2006 13:32:13 -0500 Barry Warsaw <[EMAIL PROTECTED]> wrote: > > Given that this could be a posting option that list admins could > choose or not, I'm all for it. I'd like to augment the "who can post > to this list" options with at least one other workflow: self- > verification.

Re: [Mailman-Developers] Crypto-sign to post

On Fri, Nov 03, 2006 at 04:18:59PM -0800, Nathaniel Gray wrote: > I can't tell you how many times I've done the "subscribe, disable > delivery, ask for CC on replies" mambo, and it's getting to the > point where I just won't bother unless I've got a serious issue. > The thing is, I don't blame th

Re: [Mailman-Developers] Crypto-sign to post

Subject: Re: [Mailman-Developers] Crypto-sign to post > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 11/4/06 1:32 PM, Barry Warsaw wrote: > > Given that this could be a posting option that list admins could > > choose or not, I'm all for it. > > I'

Re: [Mailman-Developers] Crypto-sign to post

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/4/06 1:32 PM, Barry Warsaw wrote: > Given that this could be a posting option that list admins could > choose or not, I'm all for it. I'd like to add my $.02 as well. I think this would be a great feature, and since admins could choose to use

Re: [Mailman-Developers] Crypto-sign to post

Barry Warsaw wrote: > On Nov 3, 2006, at 7:18 PM, Nathaniel Gray wrote: > >> As >> you can probably imagine, subscribe-to-post seriously annoys me. I >> can't tell you how many times I've done the "subscribe, disable >> delivery, ask for CC on replies" mambo, and it's getting to the point >> wher

Re: [Mailman-Developers] Crypto-sign to post

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Nov 3, 2006, at 7:18 PM, Nathaniel Gray wrote: > As > you can probably imagine, subscribe-to-post seriously annoys me. I > can't tell you how many times I've done the "subscribe, disable > delivery, ask for CC on replies" mambo, and it's getting t

[Mailman-Developers] Crypto-sign to post

Hi Mailmen & Mailwomen, I'm an open-source butterfly, flitting from project to project. I ask questions here, contribute patches there, and report bugs elsewhere. As you can probably imagine, subscribe-to-post seriously annoys me. I can't tell you how many times I've done the "subscribe, dis