gnu-system-discuss

Re: Why don't gnu.org and RMS sign mail?


From: Dmitry Alexandrov
Subject: Re: Why don't gnu.org and RMS sign mail?
Date: Sun, 10 Nov 2019 04:49:27 +0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Alexandre François Garreau <address@hidden> wrote:
> On Saturday, 9 November 2019, 23:32:59 CET, you wrote:
>> Alexandre François Garreau <address@hidden> wrote:
>> > On Saturday, 9 November 2019, 21:44:46 CET, Dmitry Alexandrov wrote:
>> >> In the light of yet another letter from your impostor, do you have any 
>> >> more unresolved questions, that impede you from starting to sign mail?  
>> >> Feel free to ask them.
>> > Note signing can be avoided with effective spf policy.
>> 
>> No, it cannot.  SPF has nothing to do with message headers.  Itʼs an 
>> antispam measure, that can help to detect fakes when one tries to fake a 
>> domain name of his _SMTP-server_ (e. g. claim that his 89.184.73.65 is not 
>> nvs406.mirohost.net but fencepost.gnu.org), but our impostor has not 
>> bothered to do it.
>
> It is both meant to authenticate IP addresses and domains.  So 
> nvs406.mirohost.net instead of fencepost.gnu.org stays invalid as of strict 
> SPF policy (if DMARC asks to enforce it).

Ah, so itʼs not SPF-only but DMARC/SPF.  Then yes, of course.  But...

>> GPG can be avoided by choosing DKIM instead (+ optionally a DMARC policy), 
>> but this _is_ a cryptographic signature.
>
> That’s why I didn’t talk about it.

...unfortunately, strict DMARC that relies only on SPF without DKIM is nearly 
unusable for anyone who wants to use mailing lists: a remailed message no 
longer originates from, say, fencepost.gnu.org but from a listserver, and 
a signature that could be used to prove the authenticity in the other way is 
absent.

Attachment: signature.asc
Description: PGP signature
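
Added example, not part of the original message or of any gnu.org configuration: a small model of the DMARC alignment check the thread is arguing about, showing why a list-remailed message fails an SPF-only policy exactly as the impostor's does, and passes only when an aligned DKIM signature survives. The deliveries are constructed, lists.example.org is a hypothetical list server, and the organizational domain is approximated by the last two labels instead of a Public Suffix List lookup.

```python
from dataclasses import dataclass, field

def org_domain(domain: str) -> str:
    """Assumption: last two labels stand in for the Public Suffix List lookup."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, strict: bool) -> bool:
    """DMARC identifier alignment: exact match (strict) or same org domain (relaxed)."""
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Delivery:
    header_from: str   # domain of the From: header, the one the reader sees
    mail_from: str     # envelope sender domain, the one SPF authenticates
    spf_pass: bool     # connecting IP is authorised by mail_from's SPF record
    dkim: list = field(default_factory=list)  # (d= domain, signature verified)

def dmarc(msg: Delivery, aspf_strict=False, adkim_strict=False) -> dict:
    """DMARC passes if SPF or DKIM both verifies and aligns with header_from."""
    spf_ok = msg.spf_pass and aligned(msg.mail_from, msg.header_from, aspf_strict)
    dkim_ok = any(ok and aligned(d, msg.header_from, adkim_strict)
                  for d, ok in msg.dkim)
    return {"spf": spf_ok, "dkim": dkim_ok, "pass": spf_ok or dkim_ok}

# Constructed deliveries. The impostor's SPF passes, but only for his own host.
# "DKIM intact" assumes the list server did not alter the signed content.
SCENARIOS = {
    "direct": Delivery("gnu.org", "fencepost.gnu.org", True),
    "impostor": Delivery("gnu.org", "nvs406.mirohost.net", True),
    "list, SPF only": Delivery("gnu.org", "lists.example.org", True),
    "list, DKIM intact": Delivery("gnu.org", "lists.example.org", True,
                                  [("gnu.org", True)]),
}

def evaluate_all() -> dict:
    """Relaxed-alignment DMARC verdict for every constructed delivery."""
    return {name: dmarc(msg)["pass"] for name, msg in SCENARIOS.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:18} DMARC {'pass' if verdict else 'fail'}")
```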

