On Thu, 2014-04-03 at 10:11 +0200, Christian Hilberg wrote:
For that kind of "protection" to have any real meaning, all messages should be cryptographically signed by their author and attached in full to all replies and forwards. An Evolution extension could conceivably enforce that. [...] Cryptographically signing each message with a public key or a trusted certificate is really the only way to ensure previous messages are not altered.Might be obvoius: When replying to a message protected that way, the signature for that message should include all attached messages which came with the message replied to. That way, some verifyable "signing chain" would be created. In case of multiple replies to a single message, i.e. a thread, the signature chain becomes a tree (which is verifyable nonetheless).
I've seen an app like the one he is describing, [I think]. And I don't think his meaning of "protected" goes that far - or at least not if I am thinking of the right thing. The app I used was more about just preventing slapdashery - everyone on a mail list knows that muggle's cannot quote property or slash the quoted section to a useless degree. This was just about forcing the format of the messages to be A->B->C->D and putting some additional meta-data into the header of the message for indexing, data-mining, and event injection. A specific definition of that he means by "protected" is required. Protected as in legally verifiable [cryptographically signed] or protected as in keeping a call-center operator from just deleting everything? -- Adam Tauno Williams <mailto:awilliam whitemice org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA
Attachment:
signature.asc
Description: This is a digitally signed message part