[Mailman-Developers] 2.1.8 documentation mismatch
Barry Warsaw
barry at python.org
Thu Jun 8 17:25:37 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 08 Jun 2006 15:26:25 +0100
Ian Eiloart <iane at sussex.ac.uk> wrote:
> > where "sender-pw" is associated with the (claimed) From-address.
> > This is different from, but complementary to, "Approved: list-pw".
>
> That's neither approval nor authorisation, it's authentication -
That's a good point.
> Passwords are usually used for both, but it's far better to separate
> the functions. Knowledge of a personal password serves to
> authenticate you, but not to authorise you. Knowledge of a shared
> password is sometimes used for authorisation, but can't be used for
> authentication. Even for authorisation, passwords are extremely weak.
There has been some interest in the past on associating pubkeys with
email addresses and using those to authenticate senders of signed
messages. In the long run, that's probably a worthy avenue to pursue.
- -Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iQCVAwUBRIhBcnEjvBPtnXfVAQKZTwP/a0ULu7v8TQyrjAgI3Uj/znrsy+Kh24qp
ilmE3Y/E9YXiYaSwpgdrLIyIH4zODXspML8l4jnscOBNexlpKNqfY4ZA9ky2oKoI
x1YWDZmdVbrWyO5y3pN0bNOhQOkdiBqAs1STv5TP1VoN95eHQQrVlpGTMf6jTGll
ZBl3kfV7xrU=
=oLd8
-----END PGP SIGNATURE-----
More information about the Mailman-Developers
mailing list