Return-Path: Delivered-To: apmail-community-archive@www.apache.org Received: (qmail 39059 invoked from network); 5 Nov 2003 22:57:53 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 5 Nov 2003 22:57:53 -0000 Received: (qmail 50461 invoked by uid 500); 5 Nov 2003 22:57:38 -0000 Delivered-To: apmail-community-archive@apache.org Received: (qmail 50310 invoked by uid 500); 5 Nov 2003 22:57:36 -0000 Mailing-List: contact community-help@apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: community@apache.org Delivered-To: mailing list community@apache.org Received: (qmail 50285 invoked from network); 5 Nov 2003 22:57:36 -0000 Received: from unknown (HELO ms-smtp-01-eri0.southeast.rr.com) (24.25.9.100) by daedalus.apache.org with SMTP; 5 Nov 2003 22:57:36 -0000 Received: from noel770 (cae88-16-024.sc.rr.com [24.88.16.24]) by ms-smtp-01-eri0.southeast.rr.com (8.12.10/8.12.7) with SMTP id hA5MvTQT012537; Wed, 5 Nov 2003 17:57:40 -0500 (EST) From: "Noel J. Bergman" To: Cc: Subject: RE: bogus subs to mailing lists (more?) Date: Wed, 5 Nov 2003 17:57:39 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) Importance: Normal In-Reply-To: <49CAAA53-0FB4-11D8-91CE-000A958871C6@hisitech.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N > I think the moment is coming where we should think about using those > interesting GPG keys for something more than "just" signing releases. S/MIME certificates are acquired, e.g., from Thawte, just as you would an SSL certificate. There are root Certificate Authorities, just as for HTTPS. Any good mail client has built-in support. Thawte certificates are free, although they have limited verification until you start to get signed by Thawte notaries (another web-of-trust concept). > Is there any way, for instance, to allow messages signed by Apache > committers to pass through to any public Apache list unmoderated? How do you propose getting a critical mass of signed mail, and what do you want to do in the meantime with unsigned mail from a subscriber? The mail server would need everyone's public key to verify the signatures. But how does that solve the problem? Are you going to require *ALL* messages to be signed? Mind you, I've been saying for years that, because of spam, e-mail anonymity is going to die. All messages will be required to be digitally signed, or will be considered spam a priori. So your view does not bother me in the slightest, but other people consider that there is a right to send anonymous e-mail. I agree. I'd just mark it as spam. But until S/MIME is the accepted norm, rather than the exception, I don't see that it offers a solution. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: community-unsubscribe@apache.org For additional commands, e-mail: community-help@apache.org