[Mailman-Developers] Alternate authentication mechanism (was ...
RELEASED Mailman 2.1 beta 5)
Thu Nov 21 18:10:13 2002
On Thu, 21 Nov 2002, Marilyn Davis wrote:
> > I'd like to see a different mechanism - when you want to change your account
> > info, Mailman would email you a URL containing a short-lived session key
> > that you could use to get to your account page. No passwords.
> Or, mailman can require a confirmation message, like it does for
> It would be good if a group could turn on encryption to encrypt the
> messages and keep them off the web. I suppose that's a big project.
It's actually very easy to do. I created a proof-of-concept earlier
this year by encrypting all traffic to/from my mailman lists with IBE
(Identity Based Encryption). Worked out pretty well.
I think the suggestion about a URL being mailed is far better (again a
sniffer could get the url and reset the password before the user), but
at least the password isn't readable...
More information about the Mailman-Developers