[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP posting validation



DrZaphod writes:

> Ah ha!  Another facet of a LIST run authentication system
> [Cypherpunks Run Authentication System - CRASs?]
> may be to allow users to mail THE LIST and ask their mail
> to be filtered so they don't have to pay for msgs they don't
> want.  THIS IS DANGEROUS because a forger could mail in
> such a request.. to patch this, THE LIST could mail out a
> weekly msg -- a compiled list of which msgs got thru, and
> which were filtered, and why. 
>
> This opens up another possibility which may prove more
> effective.  If THE LIST can maintain a list of msgs/posters/
> PGP authentication, then those users who trust THE LIST
> to authenticate their mail can select the msgs they want
> to receive [from the same compiled list].  

The list software that Ray Cromwell wrote for the Extropians list
does all these things.

Users can exclude [user|thread] and receive a regular ( I think
daily) list of filtered msgs. Users can also set their own mode
of receiving the list (reflected or digest), and can temporarily
unsubscribe by excluding all. About the only intervention needed
by list management is for subscribes and permanent unsubscribes,
other than general maintenance.

The list also has a security feature that when turned on only accepts
posts from addresses previously authenticated as belonging to list
members. This can still be spoofed, but at much greater difficulty
than LD has had to expend heretofore.

          Jeff
          [email protected]