Yes, but unless I'm missing something, HyperKitty does assume Message-IDs are unique.
The safest way to have stable URLs is to generate a random string, concatenate a sequence number, and put the result in an X-Archive-Id: header in the message and store the message with that header in the archive (and include the header in all remailed copies.)
That way, the archive identifier is completely under the control of the mailing list software and not the message originator.
The downside is you can't auto-generate links based on the References: or In-Reply-To: header, but you could map Message-IDs to archive IDs. If you see a given Message-ID more than once, you treat it as contaminated and don't use it to generate links... this minimizes what an attacker can do.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds