Murray S. Kucherawy writes:

 > I had forgotten about message headers (i.e., prepended text).  Are
 > those common?  I had thought pretty much everyone uses footers
 > only.

They're sometimes useful on lists that only get occasional
distribution.  I've used them in situations where I have an emergency
announce list which feeds into the main ML, and the content is "This
is important!" :-)  I don't bother any more, and I doubt much would be
lost if there were no header.  The other use case I've seen is to
announce special conditions like "emergency moderation is in effect,
expect delays in posting".

I agree with you that they'd be no big loss.

 > It's certainly the case that this proposal only deals well with
 > footers.  The specific algorithm is to construct a MIME tree and
 > sign parts of it; specifically, sign all of it, and then verify all
 > of what you get first.

I think this is the wrong algorithm.  I suspect that "the community"
is going to be almost as leery of this proposal as they are of l=, and
for similar reasons.  Given that, I really think the right thing to do
is to take the MIME structure seriously and sign part-by-part.

My feeling is that in the next decade we're going to see a sea change
in the attitude toward personal security.  Some big webmailer (my
money is on values of "some" that start with "G") is going to bite the
bullet, and provide users with "sign" and "encrypt" buttons, and an
endpoint in OpenAuth for public key distribution.[1]  I think it would
be a good idea to have protocols in place that show how to do this
right, making it possible to pass along attachments and the like with
"traditional" trimmed quoting for context.

Footnotes: 
[1]  Yes, I know that the GPG folks are busily proving that "simple
security" can't be done, and of course if your PC is part of a botnet
they have your keys and your passphrase.  Still, it ups the ante for
the blackhats, and more important, it allows us to distribute the
burden of encryption/decryption to user boxen instead of central
servers, in *many* ways, not just the expensive crypto, but also
things like keeping lists of suborned keys of correspondents.

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9
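The part-by-part approach argued for in the message above, as an added example that is not part of the original post and not Mailman or DKIM code: each leaf of the MIME tree gets its own tag, so a footer part added by a list shows up as unsigned while the author's parts still verify. An HMAC with a constructed key stands in for a real signature, and all function names, the key and the sample message are assumptions made for the illustration.

```python
import hashlib
import hmac
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key

def leaf_parts(msg):
    """Return every non-multipart part of the MIME tree, depth first."""
    return [p for p in msg.walk() if not p.is_multipart()]

def part_tag(part):
    """Tag one leaf: content type + decoded body (trailing whitespace stripped)."""
    body = (part.get_payload(decode=True) or b"").rstrip()
    data = part.get_content_type().encode() + b"\0" + body
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def sign_parts(msg):
    return [part_tag(p) for p in leaf_parts(msg)]

def sign_whole(msg):
    """The all-or-nothing alternative: one tag over the serialized message."""
    return hmac.new(KEY, msg.as_bytes(), hashlib.sha256).hexdigest()

def verify_parts(msg, tags):
    """Return ([(content_type, verified)], count of signed parts missing)."""
    seen = [(p.get_content_type(), part_tag(p)) for p in leaf_parts(msg)]
    report = [(ctype, tag in tags) for ctype, tag in seen]
    return report, len(set(tags) - {tag for _, tag in seen})

def build_original():
    """Constructed sample post: a text body plus a patch attachment."""
    msg = MIMEMultipart("mixed")
    msg.attach(MIMEText("See attached patch.\n"))
    msg.attach(MIMEText("--- a/f\n+++ b/f\n@@ -1 +1 @@\n-old\n+new\n", "x-patch"))
    return msg

def list_wrap(original, footer):
    """Wrap the author's tree and a footer part in a new multipart/mixed."""
    outer = MIMEMultipart("mixed")
    outer.attach(original)
    outer.attach(MIMEText(footer))
    return outer

if __name__ == "__main__":
    post = build_original()
    tags, whole = sign_parts(post), sign_whole(post)
    delivered = list_wrap(post, "_____\nconstructed list footer\n")
    print(verify_parts(delivered, tags), sign_whole(delivered) == whole)
```

Matching tags as a set ignores part order and position, which a real scheme would also have to bind.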
