[Mailman-Developers] Crypto-sign to post
Barry Warsaw
barry at python.org
Mon Nov 13 14:02:01 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Nov 13, 2006, at 2:55 AM, stephen at xemacs.org wrote:
> Barry Warsaw writes:
>
>> I suppose you could also have each mailing list publish a pubkey and
>> require that messages be encrypted with that pubkey in order to get
>> posted.
>
> Hey, that's great, we can update RFC 2369 with a List-Pubkey header!
> I bet Gmane learns to use it within a week after proposal!<wink>
:)
>> Sure, spammers could use the same key to sign spam, but I wonder if
>> that wouldn't be more work than is worthwhile for a botnet.
>
> Don't bet on it. As Brad points out, a botnet has effectively
> unbounded resources per message. If this becomes a standard feature
> of any software as widely distributed as Mailman, some spammer will
> decide to exploit it, and there goes the neighborhood.
Sure, but then they've also got to distribute all the pubkeys for all
the lists they want to spam to all the bots. Yeah, you're probably
right that we're doomed anyway, at least until forced upgrades to
Real OSes for all pwned machines are mandated under threat of UN muscle.
- -B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBRVhs1HEjvBPtnXfVAQIqfgP/SCZTN3C18ksCZsJzcJVqPIKQ6OlkKtNG
XEaB1YQUd7mAlTlbPFkaOGmJTL3l4rZuqvfbraI849cO7J4WTXKLuxBXbtVBAxi9
jCP1JCH1DtIUH8JCEe/+f8QKMS5c+iik8MBH8C+aIL7+f5iE9PhkIRwWVFUBbk7p
O/LSW3Q/Gys=
=eFjI
-----END PGP SIGNATURE-----
More information about the Mailman-Developers
mailing list