Subject: Re: E-mail authentication during posting
Newsgroups: lugnet.admin.nntp
Date: Wed, 20 Jun 2001 18:33:02 GMT

Hello Todd, hello everybody,

> Inline authentication is used with success in some mailing list packages
> for moderating lists, but what worries me most about inline authentication
> is how easy it would be to accidentally cc someone when posting via e-mail
> (for example, if you used the Reply-To-All button) or to unknowingly send
> a reply via e-mail to someone when you thought you were posting it to the
> NNTP server (for example, if someone had set Followup-To: poster.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Or if someone is using Outlook Express, which unfortunately defaults to
email response when hitting "reply" in the toolbar ... :-(

I have been following the discussion about inline authentication for a
while, and it seems to me that, indeed, using a clear text password
somewhere in the message is not secure enough.

That brings me back to my original idea of using PGP. A PGP signature is
unique to the message it is being sent with. Therefore, it cannot be
misused, even if it gets into evil hands. It can be checked by anyone who is
interested, obviously including the incoming message processing system on
the news server. If no (or an incorrect) signature is found in a post, the
system could fall back to the current email/web based scheme.

I see the LUGNET community starting to divide into two parties: One "Pro",
consisting of people who have been affected by the spoofing, or are using
the Web interface, and the "Con", which does not like the out-of-band
authentication mechanism they are being forced to use. I don't like the idea
of conducting flame wars between those two. This has by now become the most
important reason for me to advocate an in-band solution for the mail and
news server interfaces.

What do you think?

Greetings
Horst
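
The gateway check proposed in the message above, sketched as an added example (it is not part of the original post and not LUGNET's software). It assumes posts arrive as OpenPGP cleartext-signed text; `route_post`, the `verify` hook and the sample address are hypothetical names, and the sample signature block is a placeholder.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def split_clearsigned(body):
    """Return (signed_text, armored_signature), or None when body is not a
    single well-formed cleartext-signed message (RFC 4880, section 7)."""
    lines = body.splitlines()
    if not lines or lines[0] != BEGIN_MSG:
        return None
    try:
        blank = lines.index("", 1)               # ends the "Hash:" headers
        sig_start = lines.index(BEGIN_SIG, blank)
        sig_end = lines.index(END_SIG, sig_start)
    except ValueError:
        return None
    if any(not h.startswith("Hash: ") for h in lines[1:blank]):
        return None
    if any(ln.strip() for ln in lines[sig_end + 1:]):
        return None                              # unsigned text after the signature
    # Undo dash-escaping and drop trailing blanks, as the signer did.
    text = [(ln[2:] if ln.startswith("- ") else ln).rstrip(" \t")
            for ln in lines[blank + 1:sig_start]]
    return "\r\n".join(text), "\n".join(lines[sig_start:sig_end + 1])

def route_post(from_addr, body, verify):
    """Decide what the gateway does with an incoming post.
    verify(signed_text, signature) is a hypothetical hook into an OpenPGP
    implementation; it returns the signer's address or None."""
    parts = split_clearsigned(body)
    signer = verify(*parts) if parts else None
    if signer is not None and signer.lower() == from_addr.lower():
        return "post", parts[0]                  # publish only the signed text
    return "confirm-out-of-band", body           # current e-mail/web scheme

# Constructed sample; the signature block is a placeholder, not a real one.
SAMPLE = "\n".join([BEGIN_MSG, "Hash: SHA1", "", "Hello Todd,",
                    "- -- ", "Horst", BEGIN_SIG, "", "PLACEHOLDER", END_SIG])

def demo_verify(text, sig):
    # Stand-in for a real OpenPGP check so the example runs offline.
    return "horst@example.org" if "PLACEHOLDER" in sig else None

if __name__ == "__main__":
    print(route_post("horst@example.org", SAMPLE, demo_verify))
    print(route_post("horst@example.org", "Hello Todd,\nHorst", demo_verify))
```

Only the text between the armor lines is covered by the signature, so the gateway posts that text alone and sends anything else, including a valid signature from a key that does not match the From address, down the confirmation path.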