www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: bogus subs to mailing lists (more?)
Date Wed, 05 Nov 2003 22:57:39 GMT
> I think the moment is coming where we should think about using those
> interesting GPG keys for something more than "just" signing releases.

S/MIME certificates are acquired, e.g., from Thawte, just as you would an
SSL certificate.  There are root Certificate Authorities, just as for HTTPS.
Any good mail client has built-in support.  Thawte certificates are free,
although they have limited verification until you start to get signed by
Thawte notaries (another web-of-trust concept).

> Is there any way, for instance, to allow messages signed by Apache
> committers to pass through to any public Apache list unmoderated?

How do you propose getting a critical mass of signed mail, and what do you
want to do in the meantime with unsigned mail from a subscriber?

The mail server would need everyone's public key to verify the signatures.
But how does that solve the problem?  Are you going to require *ALL*
messages to be signed?

Mind you, I've been saying for years that, because of spam, e-mail anonymity
is going to die.  All messages will be required to be digitally signed, or
will be considered spam a priori.  So your view does not bother me in the
slightest, but other people consider that there is a right to send anonymous
e-mail.  I agree.  I'd just mark it as spam.  But until S/MIME is the
accepted norm, rather than the exception, I don't see that it offers a

	--- Noel

To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org

View raw message