Re: [gentoo-user] Mailing list and PGP/MIME
On Fri, 30 May 2008 10:39:35 +0900 Paul Sebastian Ziegler [EMAIL PROTECTED] wrote: Glad to hear you didn't mind, Daniel. Actually, I've enjoyed it! :) It was very crazy to see my name under something I've never said. The lack of control just rushed my adrenaline even though I was expecting something like that. Thanks! Yes, you traced me correctly. And as Rob already noticed, that could be circumvented by spoofing the header a little more. True. It wouldn't be so hard to send the message from another place. Also you were correct to notice, that the receiving server has the last word - however many servers today do -not- perform reverse DNS lookups. You can basically put into the EHLO message whatever you want and the receiving server will buy it. So with some effort we could make it look as if the message was actually received from fg-out-1718.google.com. At least as long as pidgeon.gentoo.org doesn't do reverse DNS lookups, which frankly I didn't check. :) --Paul Unfortunately many times one cannot control the reverse records, because the IP address pool belongs to the ISP. Nevertheless the SMTP server logs the IP address which the message came from. It doesn't matter if the message would be bounced or accepted because of the (in)correct reverse resolving. Additionally there's the SPF [1] and I believe the email system at gentoo.org uses it. If that's so and my poor abused address :) was at a domain with SPF record imposing fail policy, that message shouldn't be accepted at all. At best you'd get something like: Domain of [EMAIL PROTECTED] does not designate 192.0.2.25 as permitted sender. Anyways the right thing to do is to ban the IP address which the offencive message came from, not the email address. So, signatures don't come to play here. [1] http://www.openspf.org/ -- Best regards, Daniel -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Iliev wrote: Come ooon! :) The whole bet thing was of course a joke. What I had in mind is that you'd have to hack Gmail which I believe won't classify as relatively easy. Not to mention that even just for proof of concept this would be illegal, so I'd never expect you to do it. No problem. :-) Alright, the most important thing in this discussion appears that we all agree that signing mails to ML or not, either way there's no harm. So, I think we'd better stop at this point and let it go. Agreed? I have no problem with that. :-) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhAIVgACgkQKT9zBKF0twVWLQCfWd/4i0XgyOTuHuJIAxv8pq8D Ug0An0q7/0FB909Ox7SMu3qWAtndAQbL =6TZf -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Iliev wrote: Unfortunately many times one cannot control the reverse records, because the IP address pool belongs to the ISP. Nevertheless the SMTP server logs the IP address which the message came from. It doesn't matter if the message would be bounced or accepted because of the (in)correct reverse resolving. Additionally there's the SPF [1] and I believe the email system at gentoo.org uses it. If that's so and my poor abused address :) was at a domain with SPF record imposing fail policy, that message shouldn't be accepted at all. At best you'd get something like: Domain of [EMAIL PROTECTED] does not designate 192.0.2.25 as permitted sender. Anyways the right thing to do is to ban the IP address which the offencive message came from, not the email address. So, signatures don't come to play here. [1] http://www.openspf.org/ But you see it isn't that difficulty to abuse a email address. That what happened to your address and what P. S. Ziegler described was what I meant with relatively easy. ;-) Have fun, W. Canis :-) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhAIscACgkQKT9zBKF0twXUNACfdOnkosO99d8JqV0+JsYynrhP 0hkAoJgZzmfQAMcTpg8hehBhbZ/frb4M =XD5e -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Fri, 30 May 2008 17:52:41 +0200 Wolf Canis [EMAIL PROTECTED] wrote: But you see it isn't that difficulty to abuse a email address. That what happened to your address and what P. S. Ziegler described was what I meant with relatively easy. ;-) Have fun, W. Canis :-) Alright, I give up! (but ain't gonna sign my posts :P) See you guys next week and have a nice weekend! :) -- Best regards, Daniel -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Iliev wrote: [...] Absolutely. I just wonder how many people will choose not to use such kind of list in order not to sacrifice their anonymity. Exactly. [...] It also might be the same person signing with different keys or sometimes signing somtimes - not. What's the difference for the other guys on the list - in both cases they will get some junk before the offending account is stopped. What's the difference for the sender - guilty or not, his address gets blacklisted. Correct. Signing makes only sense if you do it consistently. [...] Forgot, choosed not to, didn't renew... I believe it's the majority, but I may be wrong. OK, I forgot the human factor. ;-) [...] Relatively easy? Well, hereby I give you my blessing and dare you to send a proof of concept message to this list imposing as me. Additional condition: you must have no other access to Gmail than what is granted to everyone outside the company. If you succeed I promise to sign every single email I send from that point on. :) OK, I can't bring myself a proof of concept. I'm not a evil hacker. But I said relatively easy, I meant that if you have your own server running (with for example sendmail) and enough criminal energy, know how, I'm pretty sure that it's possible. And I'm also pretty sure that my thinking is much to complicated. Because e-mail abuse is not new and your proof of concept is probably since a long time ago produced. ;-) W. Canis -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkg+YNYACgkQKT9zBKF0twVe2QCfZJtt/Squj33IROJMnRNwDk4A 5ZEAn1mTDiyAa6bA7JYKiFE+9ZuaucIi =l5vv -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
Hello On Wed, May 28, 2008 at 04:08:02AM +0300, Daniel Iliev wrote: Disagree, because of the possibility that without signatures it's relatively easy to bring a subscriber into discredit. Relatively easy? Well, hereby I give you my blessing and dare you to send a proof of concept message to this list imposing as me. Additional condition: you must have no other access to Gmail than what is granted to everyone outside the company. If you succeed I promise to sign every single email I send from that point on. :) You can set your own From:, Reply-To: and other headers. You do not change the Received: path, but this is enough for many people. Shall I show it? -- This email was generated by a biological random generator. If you want more random text, just respond to this email. Michal 'vorner' Vaner pgploXtcLm7pN.pgp Description: PGP signature
Re: [gentoo-user] Mailing list and PGP/MIME
W. Canis wrote: OK, I can't bring myself a proof of concept. Allow me to help you with that part. Personally I still think signatures in public mailing lists are overrated. NOT signed by Some Gentoo user with a security job and 5 minutes of time P.S. Daniel - I really hope this is ok with you. I took your dare literally for this one time. Your personality won't be abused by me again. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Thu, 29 May 2008 09:52:57 +0200 Wolf Canis [EMAIL PROTECTED] wrote: Relatively easy? Well, hereby I give you my blessing and dare you to send a proof of concept message to this list imposing as me. Additional condition: you must have no other access to Gmail than what is granted to everyone outside the company. If you succeed I promise to sign every single email I send from that point on. :) OK, I can't bring myself a proof of concept. I'm not a evil hacker. Come ooon! :) The whole bet thing was of course a joke. What I had in mind is that you'd have to hack Gmail which I believe won't classify as relatively easy. Not to mention that even just for proof of concept this would be illegal, so I'd never expect you to do it. Alright, the most important thing in this discussion appears that we all agree that signing mails to ML or not, either way there's no harm. So, I think we'd better stop at this point and let it go. Agreed? :) -- Best regards, Daniel -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Thu, 29 May 2008 08:38:27 + (UTC) [EMAIL PROTECTED] wrote: W. Canis wrote: OK, I can't bring myself a proof of concept. Allow me to help you with that part. Personally I still think signatures in public mailing lists are overrated. NOT signed by Some Gentoo user with a security job and 5 minutes of time P.S. Daniel - I really hope this is ok with you. I took your dare literally for this one time. Your personality won't be abused by me again. No problem,..ehh..PSZ, I presume? :) It was I who gave the idea and the challenge. Don't worry, it's really fine by me. I admit I looks very much as if the message was sent by me and could be deceiving at first glance, but: FAKE: === Received: from observed.de (observed.de [81.169.134.89]) by pigeon.gentoo.org (Postfix) with ESMTP id AE151E05BC for gentoo-user@lists.gentoo.org; Thu, 29 May 2008 08:38:27 + (UTC) === NOT FAKE: === Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.153]) by pigeon.gentoo.org (Postfix) with ESMTP id 3E5ACE0229 for gentoo-user@lists.gentoo.org; Mon, 26 May 2008 00:30:07 + (UTC) === -- Best regards, Daniel -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Fri, 30 May 2008 02:05:42 +0300 Daniel Iliev [EMAIL PROTECTED] wrote: On Thu, 29 May 2008 08:38:27 + (UTC) [EMAIL PROTECTED] wrote: W. Canis wrote: OK, I can't bring myself a proof of concept. Allow me to help you with that part. Personally I still think signatures in public mailing lists are overrated. NOT signed by Some Gentoo user with a security job and 5 minutes of time P.S. Daniel - I really hope this is ok with you. I took your dare literally for this one time. Your personality won't be abused by me again. No problem,..ehh..PSZ, I presume? :) It was I who gave the idea and the challenge. Don't worry, it's really fine by me. I admit I looks very much as if the message was sent by me and could be deceiving at first glance, but: FAKE: === Received: from observed.de (observed.de [81.169.134.89]) by pigeon.gentoo.org (Postfix) with ESMTP id AE151E05BC for gentoo-user@lists.gentoo.org; Thu, 29 May 2008 08:38:27 + (UTC) === NOT FAKE: === Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.153]) by pigeon.gentoo.org (Postfix) with ESMTP id 3E5ACE0229 for gentoo-user@lists.gentoo.org; Mon, 26 May 2008 00:30:07 + (UTC) === Except that even that can be faked. The header is part of the payload, so can be whatever the user decides to put in, simply fake some a set of relay lines, and how do you know? Rob. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Fri, 30 May 2008 00:11:51 +0100 Robert Bridge [EMAIL PROTECTED] wrote: On Fri, 30 May 2008 02:05:42 +0300 Daniel Iliev [EMAIL PROTECTED] wrote: On Thu, 29 May 2008 08:38:27 + (UTC) [EMAIL PROTECTED] wrote: W. Canis wrote: OK, I can't bring myself a proof of concept. Allow me to help you with that part. Personally I still think signatures in public mailing lists are overrated. NOT signed by Some Gentoo user with a security job and 5 minutes of time P.S. Daniel - I really hope this is ok with you. I took your dare literally for this one time. Your personality won't be abused by me again. No problem,..ehh..PSZ, I presume? :) It was I who gave the idea and the challenge. Don't worry, it's really fine by me. I admit I looks very much as if the message was sent by me and could be deceiving at first glance, but: FAKE: === Received: from observed.de (observed.de [81.169.134.89]) by pigeon.gentoo.org (Postfix) with ESMTP id AE151E05BC for gentoo-user@lists.gentoo.org; Thu, 29 May 2008 08:38:27 + (UTC) === NOT FAKE: === Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.153]) by pigeon.gentoo.org (Postfix) with ESMTP id 3E5ACE0229 for gentoo-user@lists.gentoo.org; Mon, 26 May 2008 00:30:07 + (UTC) === Except that even that can be faked. The header is part of the payload, so can be whatever the user decides to put in, simply fake some a set of relay lines, and how do you know? Rob. Yes, you can insert headers before you send the message, but the SMTP server which receives the message for local delivery always has the final word. In this case pigeon.gentoo.org has added its headers to the proof of concept message and we can see that the mail from [EMAIL PROTECTED] was actually sent from elsewhere. -- Best regards, Daniel -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Fri, 30 May 2008 00:11:51 +0100 Robert Bridge [EMAIL PROTECTED] wrote: On Fri, 30 May 2008 02:05:42 +0300 Daniel Iliev [EMAIL PROTECTED] wrote: On Thu, 29 May 2008 08:38:27 + (UTC) [EMAIL PROTECTED] wrote: W. Canis wrote: OK, I can't bring myself a proof of concept. Allow me to help you with that part. Personally I still think signatures in public mailing lists are overrated. NOT signed by Some Gentoo user with a security job and 5 minutes of time P.S. Daniel - I really hope this is ok with you. I took your dare literally for this one time. Your personality won't be abused by me again. No problem,..ehh..PSZ, I presume? :) It was I who gave the idea and the challenge. Don't worry, it's really fine by me. I admit I looks very much as if the message was sent by me and could be deceiving at first glance, but: FAKE: === Received: from observed.de (observed.de [81.169.134.89]) by pigeon.gentoo.org (Postfix) with ESMTP id AE151E05BC for gentoo-user@lists.gentoo.org; Thu, 29 May 2008 08:38:27 + (UTC) === NOT FAKE: === Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.153]) by pigeon.gentoo.org (Postfix) with ESMTP id 3E5ACE0229 for gentoo-user@lists.gentoo.org; Mon, 26 May 2008 00:30:07 + (UTC) === Except that even that can be faked. The header is part of the payload, so can be whatever the user decides to put in, simply fake some a set of relay lines, and how do you know? Rob. Yes, you can insert headers before you send the message, but the SMTP server which receives the message for local delivery always has the final word. In this case pigeon.gentoo.org has added its headers to the proof of concept message and we can see that the mail from [EMAIL PROTECTED] was actually sent from elsewhere. Glad to hear you didn't mind, Daniel. Yes, you traced me correctly. And as Rob already noticed, that could be circumvented by spoofing the header a little more. Also you were correct to notice, that the receiving server has the last word - however many servers today do -not- perform reverse DNS lookups. You can basically put into the EHLO message whatever you want and the receiving server will buy it. So with some effort we could make it look as if the message was actually received from fg-out-1718.google.com. At least as long as pidgeon.gentoo.org doesn't do reverse DNS lookups, which frankly I didn't check. :) --Paul -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Tue, 27 May 2008 11:27:10 +0200 Wolf Canis [EMAIL PROTECTED] wrote: Agreed, because of the way the subscription process works. The way how someone subscribed to a list is _only_ with a e-mail address. This would change if the subscription process would demand a signature. Absolutely. I just wonder how many people will choose not to use such kind of list in order not to sacrifice their anonymity. No fully agreed, because if someone is signing his messages, all other subscribers have the possibility to see whether it's the same person or not. Not in the sense of real live identity but at least same Nick or Name. In my case for example Wolf Canis. Would know a message reach the ML with my Name but no signature or a different signature, could one relatively be sure about the fact that this particular message is not from the original Wolf Canis. It also might be the same person signing with different keys or sometimes signing somtimes - not. What's the difference for the other guys on the list - in both cases they will get some junk before the offending account is stopped. What's the difference for the sender - guilty or not, his address gets blacklisted. Why not? Every public key is downloadable, except one created a key and forgot to upload the public key, in this case is his/her signature pointless. Forgot, choosed not to, didn't renew... I believe it's the majority, but I may be wrong. Bottom line: I see no reason for signing messages to MLs like this one. Disagree, because of the possibility that without signatures it's relatively easy to bring a subscriber into discredit. Relatively easy? Well, hereby I give you my blessing and dare you to send a proof of concept message to this list imposing as me. Additional condition: you must have no other access to Gmail than what is granted to everyone outside the company. If you succeed I promise to sign every single email I send from that point on. :) -- Best regards, Daniel -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Tue, 27 May 2008 10:34:28 +0100 Neil Bothwick [EMAIL PROTECTED] wrote: On Tue, 27 May 2008 08:28:27 +0300, Daniel Iliev wrote: 1. Trouble saving Will signatures help if a mailing list (ML) receives spam? No. The admins won't accept arguments like Those mails weren't signed, it's not me. Signature or not the address gets its ban and that's it. Is that true of every list? Do you know every list's owner or policy? No, not really but the whole time I had in mind only this list and those alike (anonymous, public and tech-oriented at the same time). I apologize if I didn't make it clear. It's not only about spam and banning anyway. Someone could try to discredit you by posting inflammatory, abusive, racist or otherwise unacceptable posts in your name. Not my name, the name of the account. Those are not the same thing, especially in The Internet where everyone is anonymous by default. Some use other people's names, others use nick names etc. Our names in this list mean nothing. For example my account is expendable and I've registered it exactly with the idea to get rid of it if it gets flooded with spam. If every post you send to the list is signed, those unsigned messages lose credibility. By signing all messages, you are effectively saying If I didn't sign it, I didn't send it. Unsigned messages have no credibility anyways. There's no need to use your signature to imply it and actually you can't do that by design. Of course, this all falls apart on lame listservs like Yahoo Groups that strip all attachments, including PGP signatures. Not my problem. I don't use them. :) -- Best regards, Daniel -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
Quoting Wolf Canis [EMAIL PROTECTED]: Is there a problem with signed messages? Signed messages doesn't make any sense on a mailing list. This message was sent using IMP, the Internet Messaging Program. -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
* Norberto Bensa ([EMAIL PROTECTED]) [25.05.08 16:52]: Quoting Wolf Canis [EMAIL PROTECTED]: Is there a problem with signed messages? Signed messages doesn't make any sense on a mailing list. Why? -- Religion ist das Opium des Volkes. Karl Marx [EMAIL PROTECTED]@N GÜNTHER mailto:[EMAIL PROTECTED] pgpYJWj8hMy7S.pgp Description: PGP signature
Re: [gentoo-user] Mailing list and PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Norberto Bensa wrote: Signed messages doesn't make any sense on a mailing list. I may ask you for a explanation, please? I think they make a lot of sense, because you or the mailing system are able to verify the message or rather the origin, if implemented. One would very easily see whether the person is the person who has subscribed to the list. W. Canis -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkg5ldcACgkQKT9zBKF0twWpugCfXeAs+rrt1PkJSBcKFh8kEscb nMMAoIImyFjrBJ8rC39htY7FYCWnXDby =ccQk -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Sunday 25 May 2008, Wolf Canis wrote: Norberto Bensa wrote: Signed messages doesn't make any sense on a mailing list. I may ask you for a explanation, please? I think they make a lot of sense, because you or the mailing system are able to verify the message or rather the origin, if implemented. One would very easily see whether the person is the person who has subscribed to the list. This is a nice list with helpful people. There are other lists however, when it is not that rare for malicious (or unhinged) individuals to impersonate someone else and hijack their email address to publish offensive content. After a while using a digital signature (GnuPG or x509) becomes a habit. It doesn't really add that much overhead anyway (197 Bytes for gpg to 3.1k Bytes for s/mime). -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Mailing list and PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mick wrote: This is a nice list with helpful people. No doubt about that. :-) There are other lists however, when it is not that rare for malicious (or unhinged) individuals to impersonate someone else and hijack their email address to publish offensive content. After a while using a digital signature (GnuPG or x509) becomes a habit. That's exactly the case. ;-) It doesn't really add that much overhead anyway (197 Bytes for gpg to 3.1k Bytes for s/mime). That's what I thought. :-) W. Canis -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkg5qioACgkQKT9zBKF0twUtLACeIKqDkUvBYAMbdN8ZFVB4ujfi 4aMAn1KuvGPgRRNAleEZ2CyKAP5YK4lJ =wov3 -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Sun, 25 May 2008 20:04:29 +0200 Wolf Canis [EMAIL PROTECTED] wrote: Mick wrote: This is a nice list with helpful people. No doubt about that. :-) Yep! :) There are other lists however, when it is not that rare for malicious (or unhinged) individuals to impersonate someone else and hijack their email address to publish offensive content. After a while using a digital signature (GnuPG or x509) becomes a habit. That's exactly the case. ;-) Two questions. How would signing your emails to this list help you: - in avoiding the above to happen to you? - help you in case that happens after all? Explain, please. -- Best regards, Daniel -- gentoo-user@lists.gentoo.org mailing list
[gentoo-user] Mailing list and PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello all, it seems that sometimes mails of mine doesn't go to the list. :-( I had this problem just a couple of hours ago. I send a reply to the thread Need help with a regex but the mail doesn't reach the list. I looked in the archive and it doesn't reach there too. These mail was send with PGP/MIME. I send this message at 6:03 PM CET. At 10:13 PM CET I send the mail again but this time without PGP/MIME - and this time the mail reached the list. =-0 Now I'm wondering whether it could be that the list server has problems with those mails or perhaps those mails are simply blocked. Is there a problem with signed messages? Thanks in advance. W. Canis PS: Send at 11:12 PM CET without PGP/MIME -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkg4hY8ACgkQKT9zBKF0twVwTQCfXhXFfWr4xhszNsXp/Y7tr842 h/wAn2yblYfRQ2hXqe7EhO86e3tJAGD+ =uC1C -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
Wolf Canis wrote: Hello all, it seems that sometimes mails of mine doesn't go to the list. :-( I had this problem just a couple of hours ago. I send a reply to the thread Need help with a regex but the mail doesn't reach the list. I looked in the archive and it doesn't reach there too. These mail was send with PGP/MIME. I send this message at 6:03 PM CET. At 10:13 PM CET I send the mail again but this time without PGP/MIME - and this time the mail reached the list. =-0 Now I'm wondering whether it could be that the list server has problems with those mails or perhaps those mails are simply blocked. Is there a problem with signed messages? Thanks in advance. W. Canis Sending w/PGP/MIME, email me off list if you get this. I'll also send one w/pgp not mime encoded -- Eric Martin PGP fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Mailing list and PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wolf Canis wrote: | Hello all, | | it seems that sometimes mails of mine doesn't | go to the list. :-( | | I had this problem just a couple of hours ago. I | send a reply to the thread Need help with a regex | but the mail doesn't reach the list. I looked in | the archive and it doesn't reach there too. These | mail was send with PGP/MIME. I send this message at | 6:03 PM CET. | At 10:13 PM CET I send the mail again but this time | without PGP/MIME - and this time the mail reached the | list. =-0 | | Now I'm wondering whether it could be that the | list server has problems with those mails or perhaps | those mails are simply blocked. | | Is there a problem with signed messages? | | Thanks in advance. | | W. Canis | | PS: Send at 11:12 PM CET without PGP/MIME This one isn't sent as pgp/mime - -- Eric Martin PGP fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIOIvedheOldgSlQgRAgCVAJ976+MXAQLryssn3ESsstbZKehuvACdGf8+ A+bc7Eku4Tv9PPnJrZvNcZg= =4PC8 -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Mailing list and PGP/MIME
On Saturday 24 May 2008, Wolf Canis wrote: Hello all, it seems that sometimes mails of mine doesn't go to the list. :-( I had this problem just a couple of hours ago. I send a reply to the thread Need help with a regex but the mail doesn't reach the list. I looked in the archive and it doesn't reach there too. These mail was send with PGP/MIME. I send this message at 6:03 PM CET. At 10:13 PM CET I send the mail again but this time without PGP/MIME - and this time the mail reached the list. =-0 Now I'm wondering whether it could be that the list server has problems with those mails or perhaps those mails are simply blocked. Is there a problem with signed messages? Thanks in advance. W. Canis PS: Send at 11:12 PM CET without PGP/MIME I don't think that there is. I can see both of your messages in the Need help with a regex thread. The headers from the first have this: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:disposition-notification-to:date:reply-to:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:from; bh=8nJHtHVM1pLtFS7S3E9XQwyBoXWyVCNrAWYh/PaG3W4=; b=J2kVYQw+TTZAVqYAlX9c6nmWNncd79WJ5r83oTSmqotKj9zo/x7SbTSgk2oU3Be/R1fIXwnyrf4kEXXExtRL7S05zJzeF9qYb1R0ocDl9fkZsYQVZ2GPB/Msxh/fypt7McDv4c0jKo31fVMywEgGk1w0RmpIocdjk2zCRcy3Dck= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:disposition-notification-to:date:reply-to:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:from; b=Q2J8PUjq+XbWzo6RwkQfbKHScves6kkidktdd3g90fXfCVmRJCJAxmVLtBoqQGru1yPVhkrBLHlNs+q3W8CNcxv2BkipatUKnaB8VTw0B+lI84yNj2Nn/gGtTtv5MJR01cyJeEwP7IP9gFPeKlox1FYNLOgAKkQ0zifZhUMxFgQ= and the headers from the second message have this in them: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:disposition-notification-to:date:reply-to:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding:from; bh=gk2O1mwz5uCJ4PpK76vLq4QHyNig9QDxYfm/YqzClWM=; b=FNacOG7Cf1kfquse2aB8/6WFOW95LzIyIoJZk1rATB3vgGJefl3gy7KSb5IzCwbYCWSnJ2/LlP/nJAKd5G3nkr+HbZbIJ03QL/BXyMKIEfhLT1+QIlMtpZkJq6EpTlz4TiCRynD2V3nd5VGhntGo5OB1MaBG1c/UslitTOvXiMw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:disposition-notification-to:date:reply-to:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding:from; b=agmVWP3rWVeDaIvI3qArg7inIUOmBBiUo8F6Ekzz1zlvTsbCi5f0UKYaVGG8uloqw2pOo+0GJlpfsySj4W3bOHFMw26vRyAWjl4jC/DktdPSroIDFVJj+D/EWef7prGMZmRD8c0TOmP0lFilxnb6Jv9EM90VO60IGIb/kyBPqng= Kmail shows this in its GnuPG header on the first message: Message was signed by [EMAIL PROTECTED] (Key ID: 0x293F7304A174B705). The signature is valid, but the key's validity is unknown. and the second message: Message was signed by Wolf Canis (Common) [EMAIL PROTECTED] (Key ID: 0xA174B705). The signature is valid, but the key is untrusted. Notwithstanding delays with googlemail, Gmane also takes some time before it shows posted messages. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Mailing list and PGP/MIME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mick wrote: I don't think that there is. I can see both of your messages in the Need help with a regex thread. Somewhat strange is it. On archives.gentoo.org the mentioned mails aren't, only the second, but on gmane they are. I just looked there. [...] Kmail shows this in its GnuPG header on the first message: Message was signed by [EMAIL PROTECTED] (Key ID: 0x293F7304A174B705). The signature is valid, but the key's validity is unknown. and the second message: Message was signed by Wolf Canis (Common) [EMAIL PROTECTED] (Key ID: 0xA174B705). The signature is valid, but the key is untrusted. That looks good. :-) Notwithstanding delays with googlemail, Gmane also takes some time before it shows posted messages. It seems that that is the case. But how know one that the mail is actually arrived? The list delivers not to sender of a post. This is normally absolutely correct on the one hand, on the other hand, if it would, one would know whether a mail has the list arrived or not. W. Canis -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkg4t3gACgkQKT9zBKF0twV97gCgh8xZ2IOQSCkRUMOKD8EEIePD Wq4AoI7uc1035kGSpwPNZKPJiMqG68nr =Ezrh -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list