[cryptography] Reply-To header (Was: Non-governmental exploitation of crypto flaws?)

Jack Lloyd lloyd at randombit.net
Mon Nov 28 21:33:23 EST 2011


On Mon, Nov 28, 2011 at 08:40:45PM -0500, Steven Bellovin wrote:
> 
> On Nov 28, 2011, at 8:03 PM, Nico Williams wrote:
> 
> > The list is configured to set Reply-To.  This is bad, and in some
> > cases has had humorous results.  I recommend the list owners change
> > this ASAP.
> 
> 
> Agree, strongly.  The mailman documentation agrees with us.  I'm on the
> verge of unsubscribing on the grounds that the list is a privacy violation
> in action.

I've flipped that switch in mailman. I was not aware this was a
contentious issue. Mutt asks if I want to reply to sender or list
regardless, with the default being one or the other depending on the
list's setting. I didn't consider other mailers might not behave this
way.

For future reference, complaints about list management (such as it is)
are best sent to me directly (or at least CC'ed) as I really don't
read every post.

-Jack



More information about the cryptography mailing list