On Fri, 30 May 2003 09:14:51 EDT, Dave Aronson said:
> "Tony Hain" <alh-ietf@tndh.net> wrote:
>
> TH> Mail list servers would be a problem if we only use public
> TH> key, so another part of the new system could be establishing
> TH> a symmetric key as part of subscribing to a mail list.
>
> Or alternately, some kind of whitelisting, so that encryption is not
> necessary at all.

The problem is that to be effective, the whitelisting has to happen at your mail server, not your MUA. And although there's at least a *chance* of your MUA twigging onto the fact that you sent a 'subscribe' request, it's not clear that your provider's MTA can check and auto-whitelist your subscriptions (especially since the 'subscribe' in general does *NOT* give a hint of what MAIL FROM: to whitelist (especially if the list is using VERPs or similar))....

And of course, "fill out this form on a webpage" subscriptions are a near-total loss for automagic whitelisting - which means that the provider's phone WILL ring.. ;)

It's not clear that you can expect users to hand-whitelist correctly either, especially if the list doesn't give you an RFC2919-style hint of what to whitelist (and see my comment about VERPs)....
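An added illustration of the VERP and RFC 2919 points raised in the message above; it is not part of the original post. The addresses, list names and function names are constructed for the example, which shows that a VERP envelope sender differs for each subscriber while the List-Id header stays constant, and what remains when a list sends no List-Id at all.

```python
import re
from email import message_from_string

# Constructed deliveries: (envelope MAIL FROM, message as received).
# The first two are the same list post sent to two subscribers; the
# VERP-encoded envelope sender embeds each recipient's address.
DELIVERIES = [
    ("discuss-bounces+alice=example.org@lists.example.net",
     "From: poster@example.com\n"
     "List-Id: Discussion <discuss.lists.example.net>\n\nhi\n"),
    ("discuss-bounces+bob=example.com@lists.example.net",
     "From: poster@example.com\n"
     "List-Id: Discussion <discuss.lists.example.net>\n\nhi\n"),
    # A list that gives no RFC 2919 hint (constructed).
    ("news-bounces+alice=example.org@lists.example.net",
     "From: news@example.net\n\nhi\n"),
]


def list_id(raw_message):
    """Return the RFC 2919 identifier (the text inside <>), or None."""
    header = message_from_string(raw_message)["List-Id"]
    if header is None:
        return None
    match = re.search(r"<([^<>]+)>\s*$", header)
    return match.group(1).lower() if match else None


def whitelist_key(mail_from, raw_message):
    """Choose the key a server-side whitelist could store for a delivery.

    List-Id is supplied by the sender and is not authenticated, so this
    only picks a stable key; it does not prove the mail came from the list.
    """
    lid = list_id(raw_message)
    if lid:
        return ("list-id", lid)
    # Fallback: the exact envelope sender, which VERP makes per-recipient,
    # so an entry learned for one subscriber never matches another.
    return ("mail-from", mail_from.lower())


def keys_for(deliveries):
    return [whitelist_key(sender, msg) for sender, msg in deliveries]


if __name__ == "__main__":
    for (sender, _), key in zip(DELIVERIES, keys_for(DELIVERIES)):
        print(f"{sender:55} -> {key}")
```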