[Mailman-Developers] Testing different email structures with MUAs
Stephen J. Turnbull
stephen at xemacs.org
Fri Sep 13 07:23:00 CEST 2013
Daniel Kahn Gillmor writes:
> I'm just pointing out that mailman commonly produces what you've
> called "invalid data",
In the OpenPGP sense that the whole message cannot be considered to be
validly signed, even though it may contain a multipart/signed part
with a valid signature.
> and that its common production of that "invalid data" is precisely
> what this MUA's author cites as something he wants to be able to
> validate instead of hiding the main message contents' openpgp
> signature entirely. [0]
How is that relevant to us? No matter how you slice it, if Mailman
does its thing of adding a header or footer, the MUA has to dig into
MIME structure and validate a subpart. Sure, in Abhilash's scheme
Mailman will be validating the subpart as a service to lazy (?) or
anonymous subscribers, but a PUCT[1] will want to double-check that
Mailman did what it claims to do.
> But producing messages is what mailman does, so maybe we fix the
> message-producing mailman wackiness on the mailman list
It's *not* wackiness. It's perfectly standard-conforming, and I see
no reason why people who currently don't sign messages, and don't want
to ask Mailman to do so because the necessary infrastructure is user-
hostile, should be punished or be criticized for producing such messages.
My point is that I have no objection to trying to create valid
messages that will validate correctly on as many MUAs as possible.
What I object vehemently to is the idea that what a broken MUA (such
as TB-E) does is a valid test of anything Mailman does. Especially
not with a broken message.
I also have no objection to Mailman lists simply signing everything,
so that they can advertise that they do. (OTOH, this is already more
or less fulfilled by DKIM, so it's a niche use case.)
Footnotes:
[1] Paranoid User of a Certain Type. Ie, trusts the author but not
the list.
More information about the Mailman-Developers
mailing list