[HTTPS-E Rulesets] HTTPS Everywhere rule

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jan 24 07:32:07 PST 2014


On 01/23/2014 09:25 PM, Joshua Johnson wrote:

> Can attachments within this email group be disallowed or securely scanned
> before passing along to the group to help prevent malicious attacks?

I don't think it should be the mailing list's job to do that.  I also
don't believe there is such a thing as a "secure scan" without many
further details about what specific systems you are trying to secure
against what specific kinds of attacks.  And disallowing attachments
would be a terrible idea for a list whose main goal is to solicit
patches from the community.

As for secure scanning: since we don't know the full list of systems
that process mail that comes from the list, we won't ever know what
sorts of scanning are necessary.

In practice, a few basic checks (like limiting the size of each message,
or rate-limiting subscribers who send too frequently) might be
warranted, but excessive filtering is probably harmful to the list, and
it seems to be an insoluble problem in the first place.

Is there any evidence that this list has been abused to transmit
malicious content to any of its readers?

	--dkg
