[ih] OpenPGP and email lists

touch at strayalpha.com touch at strayalpha.com
Sat Feb 1 14:41:11 PST 2025 

OK, so now I need to step in and remind everyone that this list is for discussions of Internet History.

Debates on how to run an email list should be taken elsewhere.

Please stay on-topic and remember that this list isn’t run by the ISOC; it’s only hosted by the ISOC.

Joe
—
Dr. Joe Touch, temporal epistemologist
www.strayalpha.com

> On Feb 1, 2025, at 1:00 PM, Andrew G. Malis via Internet-history <internet-history at elists.isoc.org> wrote:
> 
> Jack,
> 
> This discussion is getting pretty far afield from the original topic, so I
> changed the subject. it's also getting away from Internet History, so we
> may have to take this elsewhere. :-)
> 
> OpenPGP is orthogonal to DMARC, SPF, etc., and email list header munging.
> It's meant for end-to-end security between pairs of email users.
> 
> You typically wouldn't use it on an email list because you use the
> receiver's public key to encrypt the email that you're sending. Thus, the
> receiver with the matching private key will be the only person able to read
> it.
> 
> Cheers,
> Andy
> 
> On Sat, Feb 1, 2025 at 3:14 PM Jack Haverty via Internet-history <
> internet-history at elists.isoc.org> wrote:
> 
>> Well... I disagree, or at least don't understand.
>> 
>> Last year when I was receiving complaints that some people weren't
>> getting my email, I learned more than I ever wanted to know about those
>> "munging mechanisms" such as DMARC, SPF, PGP, et al.  It's a mess, and
>> it seems that mailing lists can no longer be considered reliable as more
>> and more "anti-spam" measures are created.
>> 
>> IMHO, "doing it right" by breaking digital signatures negates a
>> mechanism that might reduce spam.  With such signatures, it possible to
>> determine that a message actually came from the person who seems to have
>> sent it.
>> 
>> In this case, "doing it right" contradicts other IETF-driven work which
>> might alleviate email spam, e.g.:
>> https://www.openpgp.org/about/standard/
>> 
>> That doesn't seem "right" to me.    ISOC doesn't even sign the altered
>> messages it send to the list, to confirm that the ISOC server was the
>> actual source.
>> 
>> Such strategy likely motivates people to migrate to other
>> closed-community systems, e.g., Whatsapp or its competitors.
>> 
>> IMHO, most people, governments, corporations, and others would probably
>> agree that spam is a serious and worsening problem with the Internet.
>> If ISOC agrees, they could use their own systems to define, develop,
>> debug, test, and then showcase how to "do it right" - as ARPA and NSF
>> did back in the early days.
>> 
>> Jack
>> 
>> On 1/31/25 16:46, Brian E Carpenter via Internet-history wrote:
>>> Jack,
>>> 
>>> Back when 95% (or whatever the exact fraction is) of email wasn't spam,
>>> mailing list operators didn't have to do anything special. But today,
>>> every mailing list operator has to either do a number of things that
>>> involve munging messages in one way or another, to avoid anti-spam
>>> mechanisms used by all the major email provders, or give up and close
>>> the lists. An expert on this such as John Levine could explain many
>>> of those munging mechanisms, so I won't try. But ISOC's choice is to
>>> rewrite the nominal sender of the mail to match the actual sender, i.e.
>>>   Jack Haverty via Internet-history <internet-history at elists.isoc.org>
>>> for your messages, so naturally they will not be signed by you when they
>>> reach subscribers. That's "doing it right" in the era of pervasive spam.
>>> 
>>> As for:
>>> 
>>>>>> Large items should be posted via links to other storage sites.
>>> 
>>> Surely people here of all people are aware that mailing list archives
>>> are a very poor method of digital conservation. For example, many
>>> (probably most) IETF WG mail archives prior to the lists being hosted
>>> at ietf.org are incomplete or lost.
>>> 
>>> Regards
>>>   Brian Carpenter
>>> 
>>> On 01-Feb-25 08:10, Jack Haverty via Internet-history wrote:
>>>> Thanks, Joe.  I didn't remember ISOC's specific limitations until I got
>>>> the rejection report, which said the message was too big.   So I quickly
>>>> converted the photo into a smaller size of 80KB, to fit well within the
>>>> 400KB constraint, and resent it.  The second try made it through the
>>>> list server, but the image was stripped away with no indication that it
>>>> had ever been there.  I realize you can't do anything about it and
>>>> sympathize.
>>>> 
>>>> Apparently the ISOC service silently censors and alters messages as they
>>>> pass through.   The recipients don't get what I sent.  It also breaks my
>>>> digital signature.   I'm disappointed that ISOC, as parent of the
>>>> Engineering arm of the Internet, doesn't use its own services as
>>>> showcase models of "best practice" to demonstrate how to "do it right",
>>>> as ARPA, NSF, et al did back in the early days of the Internet.
>>>> 
>>>> Jack Haverty
>>>> 
>>>> On 1/31/25 07:40, touch at strayalpha.com wrote:
>>>>> 
>>>>>> On Jan 30, 2025, at 11:27 PM, Jack Haverty via Internet-history
>>>>>> <internet-history at elists.isoc.org> wrote:
>>>>>> 
>>>>>> [trying again... furst try was rejected "Message too big." The
>>>>>> Internet can now handle gigabit speeds, but apparently not emails
>>>>>> more than 400 kilobytes?]
>>>>> 
>>>>> That’s correct; as has been noted before, this list is for discussions
>>>>> but is not a storage archive.
>>>>> 
>>>>> Large items should be posted via links to other storage sites.
>>>>> 
>>>>> Joe (list admin)
>>>> 
>>>> 
>> 
>> --
>> Internet-history mailing list
>> Internet-history at elists.isoc.org
>> https://elists.isoc.org/mailman/listinfo/internet-history
>> 
> -- 
> Internet-history mailing list
> Internet-history at elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/internet-history

More information about the Internet-history mailing list