[Mailman-Developers] Testing different email structures with MUAs

[Stephen J. Turnbull]

Daniel Kahn Gillmor writes:

 > I'm just pointing out that mailman commonly produces what you've
 > called "invalid data",

In the OpenPGP sense that the whole message cannot be considered to be
validly signed, even though it may contain a multipart/signed part
with a valid signature.

 > and that its common production of that "invalid data" is precisely
 > what this MUA's author cites as something he wants to be able to
 > validate instead of hiding the main message contents' openpgp
 > signature entirely. [0]

How is that relevant to us?  No matter how you slice it, if Mailman
does its thing of adding a header or footer, the MUA has to dig into
MIME structure and validate a subpart.  Sure, in Abhilash's scheme
Mailman will be validating the subpart as a service to lazy (?) or
anonymous subscribers, but a PUCT[1] will want to double-check that
Mailman did what it claims to do.

 > But producing messages is what mailman does, so maybe we fix the
 > message-producing mailman wackiness on the mailman list

It's *not* wackiness.  It's perfectly standard-conforming, and I see
no reason why people who currently don't sign messages, and don't want
to ask Mailman to do so because the necessary infrastructure is user-
hostile, should be punished or be criticized for producing such messages.

My point is that I have no objection to trying to create valid
messages that will validate correctly on as many MUAs as possible.
What I object vehemently to is the idea that what a broken MUA (such
as TB-E) does is a valid test of anything Mailman does.  Especially
not with a broken message.

I also have no objection to Mailman lists simply signing everything,
so that they can advertise that they do.  (OTOH, this is already more
or less fulfilled by DKIM, so it's a niche use case.)


Footnotes: 
[1]  Paranoid User of a Certain Type.  Ie, trusts the author but not
the list.