[ARIN-consult] Consultation on Prohibiting Attachments on ARIN Mailing Lists

Gert Doering gert at space.net
Tue Apr 24 16:37:38 EDT 2018


On Tue, Apr 24, 2018 at 09:29:14AM -0700, Owen DeLong wrote:
> >> "Not break" as in maintain the signature or "not break" as in don't
> >> strip the signature and then keep the multipart/signed content-type
> >> breaking the validator?
> > 
> > "do not fumble with mail that is PGP signed", not in any way.  
> > 
> > Do not modify the body, those header parts that are covered by the 
> > signature, or the signature itself, or the MIME structure tieing parts
> > together.
> What you are effectively arguing for here is ???Allow attachments as long
> as the message at least pretends to be PGP signed.???

Nah, that was maybe a bit unclear.   I was thinking of "if there is a 
single attachment that claims to be a PGP signature" (which of course
could be actually verified and bounced if it fails signature checking),
but should have said so.

> If we???re going to block attachments, then we should do so.
> If not, then I???m fine with that.
> However, in deference to the PGP signed aficionados, I would suggest that
> we pass (unaltered) any PGP signed message which contains only text/plain,
> text/ascii, text/rtf, and PGP-related MIME parts. For others, we should
> return an error message to the poster explaining that attachments are not
> allowed, but PGP signatures are still permitted.

This would work for me.

Gert Doering
        -- NetMaster
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20180424/d4a5a624/attachment.sig>

More information about the ARIN-consult mailing list