Re: Challenge-response mail filters considered harmful

To: debian-user@lists.debian.org
Subject: Re: Challenge-response mail filters considered harmful
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Tue, 5 Aug 2003 06:40:55 +0100
Message-id: <[🔎] 20030805054055.GR14726@ganymede>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20030805005026.GF18153@pigeon.pigeonloft>
References: <[🔎] 20030804201818.GA1176@earthlink.net> <[🔎] 20030804214842.GA5588@shorty.ca> <[🔎] 20030805005026.GF18153@pigeon.pigeonloft>

on Tue, Aug 05, 2003 at 01:50:26AM +0100, Pigeon (jah.pigeon@ukonline.co.uk) wrote:
> On Mon, Aug 04, 2003 at 05:48:42PM -0400, ScruLoose wrote:
> > On Mon, Aug 04, 2003 at 01:18:18PM -0700, Alan Connor wrote:
> > > 2) They are a an extreme violation of netiquette
> > 
> > I don't know where you've been learning your netiquette. PGP-signed
> > messages have been widely regarded as acceptable (if not preferable)
> > for *at least* the past decade.
> 
> I'm on a yahoo mailing list that automatically strips PGP signatures
> from posts. I consider that a genuine breach of netiquette. 

It's a specific violation of RFC 2015.  Among the reasons for supporting
a MIME-encoded PGP signature and payload is so that mail transports (and
archives) will _treat the content as immutable_.  This should be
reported as a bug to Yahoo.

Then again, there are other problems I've got with Yahoo lists/groups
which basically wall them off from me.  Try reading a Yahoo group w/o
cookies sometime.

> > > 4) They make posts hard to read and ugly.
> > 
> > Only if you're reading them on a badly broken client (or User-Agent if
> > you prefer the term).
> 
> eg. Outlook Express...

More to the point:  the RFC 2015 standard (as opposed to the S-MIME
signature standard) calls for a message body which is otherwise
unimpeded, and a signature which itself is plain text, meaning that if a
mailer without RFC 2015 support does _the right thing_ and doesn't mess
with the message, both are available.  As cleartext.  And for subsequent
validation.  Microsoft naturally "embraces and extends" this standard in
a way that breaks utility.

> > A properly designed program *even if it doesn't know PGP* will just
> > display the message text, leaving the signature alone it its own
> > attachment.
> 
> And a decent client that does understand PGP will do the same if you
> tell it to, so you don't have to be encumbered with it if you don't
> want to be.

Alan's complaints here are very curious as his headers indicate he uses
mutt.  Which was designed as a reference RFC 2015 implementation by
Michael R. Elkins, specifically to provide PGP signature and encryption
support.

Similarly, Alan's mail configuration breaks threads for some reason.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Support the EFF, they support you:  http://www.eff.org/

Attachment: pgprY055Prv9B.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Challenge-response mail filters considered harmful
  - From: Anthony Rowe <ay986@chebucto.ns.ca>

References:
- Re: Challenge-response mail filters considered harmful
  - From: Alan Connor <alanc@localhost>
- Re: Challenge-response mail filters considered harmful
  - From: ScruLoose <scruloose+debuser@eastlink.ca>
- Re: Challenge-response mail filters considered harmful
  - From: Pigeon <jah.pigeon@ukonline.co.uk>

Prev by Date: test please igore
Next by Date: On Woody: (No) Sound with VIA 686a Southbridge, AC 97
Previous by thread: Re: Challenge-response mail filters considered harmful
Next by thread: Re: Challenge-response mail filters considered harmful
Index(es):
- Date
- Thread