<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Mr. Salz:<br>
<br>
despite mr dukhovni's assertion that spam is not a problem and that
people that are concerned about it are a problem, i contend that the
seeming laxness of list controls is the core problem and spam is
just an indicating vector. to wit:<br>
<br>
'<i>List membership is not public</i>' which may be true until
someone busts into the list and become privy to all of the personal
data of posters. such intrusions will continue until someone
addresses these breeches for what they are: security lapses.<br>
<br>
'<i>Only members can post to the list</i>' is obviously not true
when the same party which has prompted this thread posted to the
list twice in a short time-frame (and this has happened before) from
IP's without rDNS, from a bogus email/domain, and via an unknown
MTA. these glitches can be easily caught in postfix when it is set
up with a pretty minimalist approach to security.<br>
<br>
my comment re aliases goes to the concern that a list that is all
about HTTP/SMTP security and identity surety is freely dispersing so
much personally identifiable subscriber information (PII) that is of
such a high order of sensitivity that it is protected under U.S.
Title XIII with parallel Canadian codes, even more stringent EU
reg's such as 'Directive 95/46/EC' and the newly-enacted 'General
Data Protection Regulation' ('GDPR'), and some EU Member regulations
with stronger protections than those embodied in 95/46/EC (such as
Nederland 'Wet bescherming persoonsgegevens' and UK 'Data Protection
Act' amongst others).<br>
<br>
in reality, openssl has no choice but to eventually comply with GDPR
which would prohibit what is currently being done. so, it would be
best to just get on with adapting all openssl systems to meet higher
ethical and regulatory standards before they are embarrassingly
imposed or, much worse, be shown to have operated in such a way that
system breeches at subscriber firms could be traced back to openssl.<br>
<br>
<br>
<pre class="moz-signature" cols="80">Thank you,
Johann v. Preußen
</pre>
<div class="moz-cite-prefix">On 2016.Apr.19 19:03, Salz, Rich wrote:<br>
</div>
<blockquote
cite="mid:731c7763e63a4085b4291e110dfee4a7@usma1ex-dag1mb1.msg.corp.akamai.com"
type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">the wider problem case is how non-subscribers are given two-way access to the list that exposes so much subscriber info (name, professional affiliation, email addr, ...) to whomever. i cannot fathom why the list does not make use of aliases so that each subscriber can control what they want to make public via their alias profile.
</pre>
</blockquote>
<pre wrap="">
List membership is not public . Only members can post to the list. Not sure what else you think we are doing wrong.
</pre>
</blockquote>
<br>
</body>
</html>