Skip Navigational Links
LISTSERV email list manager
LISTSERV - COMMUNITY.EMAILOGY.COM
LISTSERV Menu
Log In
Log In
LISTSERV 17.5 Help - LSTSRV-L Archives
LISTSERV Archives
LISTSERV Archives
Search Archives
Search Archives
Register
Register
Log In
Log In

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

Menu
LISTSERV Archives LISTSERV Archives
LSTSRV-L Home LSTSRV-L Home

Log In Log In
Register Register

Subscribe or Unsubscribe Subscribe or Unsubscribe

Search Archives Search Archives
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: PK signature support?
From:
Douglas Palmer <[log in to unmask]>
Reply To:
LISTSERV site administrators' forum <[log in to unmask]>
Date:
Mon, 22 Mar 2004 21:54:33 -0500
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (39 lines)
On Mon, 22 Mar 2004, Dennis Boone wrote:

> Like a lot of folks I suppose, we're fighting the issue of forged from
> addresses and list posting, caused mostly by the spam and virus plague.
> For now, the solution is obvious if tedious: use "send= blah,confirm".
>
> I'm wondering if there's any support planned for letting posters
> (or editors or ...) sign messages using public-key schemes.  This would
> let us go back to single phase posting, getting a large number of
> people off my back. (:-)

We've implemented a private key system for two of our announce-only lists.
What we are doing would not be feasible for a larger list -- but it works.

The process is easy enough:

The originating system generates e-mail and adds special headers with a
copy of the sender's public key and a cryptographic header (encoded with
the sender's private key and the public key for the list and based on
parts of the message). The receiving system passes the email through a
filter that checks for the special header and matches it against the
proper parts of the message using the private key for the list and the
public key from the sender. If it fails, the message is silently dropped.
If it clears, the filter removes the special headers and passes it off to
LISTSERV.

It works great -- no spam messages or other spurious messages to the list
to the list maintainer, no need for any verification or validation. Users
can't see anything, so no questions about "funny headers."

On the negative side, I am not allowed to share code beyond what I've
written above.

PK is a great idea, but it would be tremendously difficult to do with a
large list and a variety of people contributing. It's much more easily
done when you have something like an announce list.

-- DCP

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM CataList Email List Search Powered by LISTSERV