On Wed, 29 Oct 2008 00:05:22 -0400 "Michael H. Warfield" mhw@WittsEnd.com wrote:
Which is still (more-or-less) addressed by headers.
Not.
Not at all.
Not even at first blush.
If they were, we could deal with spam a lot easier.
If they were, we wouldn't need SPF or Domain Keys, which nobody is implementing to any effective depth.
I think you're carrying the issue to a depth beyond what's actually under discussion.
If we were making business deals, creating legal agreements of some kind, then I agree that pgp signing and the like is probably a good idea.
But.
This is a technical mailing list, and a relatively high-volume one at that. I think there is a different level of, shall we say, vigilance required on a technical mailing list than there would be on some kind of a high-security operation.
The mailing list itself should absolutely be operated in a relatively secure manner to prevent spam and the like. But within the list itself, I don't think it's necessary to go to great lengths to provide a mechanism for non-repudiation. If someone posts something and it wasn't me, I'll tell you that it wasn't me if it's important and if someone asks. That doesn't require a digital signature.