On Wed February 25 2004 11:50, gnulinux@xxxxxxxxxxx wrote: > if it's not > too much trouble i do request that you browse through > the rest of my post. Already deleted, and I can't be arsed to go trash-digging right now. > i am very much wanting dialogue > around the issue of having the list digitally signed > by the list processor. Okay, my three cents (inflation): If the folks who actually run the list find themselves a spare moment to breathe (not likely so soon before or after the meeting in Korea), it might be fairly easy to implement. However, what does it gain us? Authentication that the message in question, was indeed sent via the IETF list. What does THAT gain us? The ability to separate it out from the spam. (Note also the assumption that anything sent to, or at least received from, the IETF list is NOT spam. That may hold for this list, but certainly not for all.) On the other claw, using the Sender line for that purpose has been working just fine for me. (It's forgeable, sure, but I see no sign that spammers have bothered to do so, and don't think it's likely that they will in the future.) That's also trivial to set up in any decent MUA. Same holds for the List-ID, X-Been-There, and other markers used by most other mailing lists. Most cannot filter so easily (or at all) on the presence/absence or [in]validity of a digsig. Sure, advanced tools such as procmail certainly can, but many of us don't even find it necessary to use such things at ALL yet, and they're awfully difficult for Joe Luser to set up for his mail from RANDOM-L. Zero net gain, for at least some (and likely much) additional effort. Why bother? -- Dave Aronson, Senior Software Engineer, Secure Software Inc. Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org (Opinions above NOT those of securesw.com unless so stated!) WE'RE HIRING developers, auditors, and VP of Prof. Services.