-----BEGIN PGP SIGNED MESSAGE----- As I recall, the PGP-filtered mail list idea was proposed to the list a while back and semi-informally put to a vote. At the time, I 'voted' against the idea, because I did not perceive the spoofing problem to be serious enough to warrant that sort of response. Times change, I guess - it's easy to filter certain names and anon ids out of my mail, but more complex spoofs involving SMTP ports and so on call for more involved filtering procedures. Here's my two cents' worth- how about a filter on incoming mail to the list that performs these functions: 1) check the incoming post for a PGP signature 2) If a sig is found, check it against the list's public keyring 3) If the key matches, pop a line like "X-PGP-Keycheck: user so-and-so" into the posting 4) If the incoming message already has a "X-PGP-Keycheck:" line in it, drop that line off - somebody's trying to spoof us For those 'punks who can/will sign their messages, this would provide a simple 'reputation check' visible to all recipients. For others, postings would flow through the system exactly like they do today, vulnerable to spoofs and so on. My main concern is that we get a filter online that is secure but simple. Programmers (myself included) will want to launch off and devise some horrendously complex PGP empire right away, but it would probably be smarter to start small. - -- ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn@dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLTjTAwvlW1K2YdE1AQGEdAP8DY8KAK7EU9HkPxuuqMwApwTB7hMP+k1i WGzHgq6RLQvHpZAbzywAbLvxVayzbPd+oCAfF8rSuf7NgFiz8TSqIDyMxM7dGh8Q 8KkEUbEyMQG4//M1Y0HrxhZXemq0a98umtAEQmyyFUFFuvrR95q5iJ1BtGqqF+oH fNXp2UIqfIw= =cXHA -----END PGP SIGNATURE-----