Subject:
|
Re: Email Authentication - Why not make it optional?
|
Newsgroups:
|
lugnet.admin.nntp, lugnet.general
|
Date:
|
Wed, 20 Jun 2001 05:46:39 GMT
|
Viewed:
|
1102 times
|
| |
|
|
In lugnet.admin.nntp, Larry Pieniazek writes:
> In lugnet.admin.nntp, Ross Crawford writes:
> > In lugnet.admin.nntp, Lindsay Frederick Braun writes:
> > > Right. And it's not isolated--ask any of the few people who
> > > actually frequent the entire server, and they'll tell you.
> > > Best not to wait for a full-blown hurricane before installing
> > > seawalls.
> >
> > But a seawall's not gonna help you against an earthquake...
>
> It was hurricane season so a seawall was what was needed. If and when there
> is an earthquake likely that would be the time to do things to earthquake proof.
8?) But life will be miserable if the earthquake hits with little or no warning.
> > > Anyways, I'm happy about the development. The circumstances
> > > of its implementation are less than pleasant, but it's no big
> > > hassle and a welcome sense of security. (And another reason to
> > > register--log in and authentication isn't necessary!)
> >
> > ...if you use the web to post. Most of the people complaining use email or a
> > newsreader to post, for which there's no way to "log on".
>
> They should consider switching to the web mechanism or putting up with the
> inconvenience, while Todd, who I feel is extremely clever, and who said he
> was thinking about ways to help, comes up with mechanisms to ameliorate
> their plight. Not that I think it's much of a plight, actually, but then I
> use the web interface exclusively now, while I am logged in, so for me it is
> zero impact except perhaps a slightly longer time to post (not that I have
> actually seen it, I suspect it adds milliseconds at most).
So in other words, one annoying person has effectively forced many others to
put up with an unnecessary (until now) inconvenience.
I also use the web, and so am unaffected. And I know Todd is looking for
ways to ameliorate the plight of those who don't. I just can't help but feel
that anything which makes it easier for legitimate users also makes it
easier for others, and reduces the effectiveness of the solution.
> And the current method seems quite hard to break. I don't want to kick off a
> lot of speculation about how to defeat it but I'm pretty satisfied that it
> would be very difficult to defeat unless the spoofer has access to the email
> account of the person he is spoofing, or unless the spoofer has access to
> the password of a member. (and you may recall now that I complained
> vociferously that the password algorithm was rejecting all my easy passwords
> and only allowing hard to crack ones. Guess what? I was wrong about that. I
> am glad the password algorithm that filters out new passwords as insecure is
> as picky as it is... )
I think you underestimate the ingenuity of these people, and the amount of
free time they have on their hands.
Regards
ROSCO
|
|
Message has 2 Replies:
 | | Re: Email Authentication - Why not make it optional?
|
| Hello Ross, hello everybody, (...) Yes, even if you may not like this concept. It has always been that way. Look at how many regulations you have to follow in your life outside the 'net. Most of those are only necessary, because there are also some (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp)
|
Message is in Reply To:
42 Messages in This Thread:
  
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
This Message and its Replies on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
