[Mailman-Developers] 2.1.8 documentation mismatch
barry at python.org
Thu Jun 8 17:25:37 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 08 Jun 2006 15:26:25 +0100
Ian Eiloart <iane at sussex.ac.uk> wrote:
> > where "sender-pw" is associated with the (claimed) From-address.
> > This is different from, but complementary to, "Approved: list-pw".
> That's neither approval nor authorisation, it's authentication -
That's a good point.
> Passwords are usually used for both, but it's far better to separate
> the functions. Knowledge of a personal password serves to
> authenticate you, but not to authorise you. Knowledge of a shared
> password is sometimes used for authorisation, but can't be used for
> authentication. Even for authorisation, passwords are extremely weak.
There has been some interest in the past on associating pubkeys with
email addresses and using those to authenticate senders of signed
messages. In the long run, that's probably a worthy avenue to pursue.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v18.104.22.168 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Mailman-Developers