To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.nntpOpen lugnet.admin.nntp in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / NNTP / 861
860  |  862
Subject: 
 Re: E-mail authentication during posting
Newsgroups: 
 lugnet.admin.nntp
Date: 
 Wed, 20 Jun 2001 18:33:02 GMT
Viewed: 
 1020 times
  
Hello Todd, hello everybody,

Inline authentication is used with success in some mailing list packages
for moderating lists, but what worries me most about inline authentication
is how easy it would be to accidentally cc someone when posting via e-mail
(for example, if you used the Reply-To-All button) or to unknowingly send
a reply via e-mail to someone when you thought you were posting it to the
NNTP server (for example, if someone had set Followup-To: poster.
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Or if someone is using Outlook Express, which unfortunately defaults to
email response when hitting "reply" in the toolbar ... :-(

I have been following the discussion about inline authentication for a
while, and it seems to me that, indeed, using a clear text password
somewhere in the message is not secure enough.

That brings me back to my original idea of using PGP. A PGP signature is
unique to the message it is being sent with. Therefore, it cannot be
misused, even if it gets into evil hands. It can be checked by anyone who is
interested, obviously including the incoming message processing system on
the news server. If no (or an incorrect) signature is found in a post, the
system could fall back to the current email/web based scheme.

I see the LUGNET community starting to divide into two parties: One "Pro",
consisting of people who have been affected by the spoofing, or are using
the Web interface, and the "Con", which does not like the out-of-band
authentication mechanism they are being forced to use. I don't like the idea
of conducting flame wars between those two. This has by now become the most
important reason for me to advocate an in-band solution for the mail and
news server interfaces.

What do you think?

Greetings

Horst



Message is in Reply To:
  Re: E-mail authentication during posting
 
(...) Inline authentication is used with success in some mailing list packages for moderating lists, but what worries me most about inline authentication is how easy it would be to accidentally cc someone when posting via e-mail (for example, if you (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)

8 Messages in This Thread:



Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR