-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 9 Jun 2006 09:01:31 -0500 Brad Knowles <brad@stop.mail-abuse.org> wrote:
Using the existing "Approved:" mechanism would also prevent the spoofing, and would have the same exposures regarding encryption.
Actually, that might be the right approach here. Just use the existing Approved header, but instead of checking it only against the list admin password, check it against the user's password too. In fact do that first, falling back to the list admin password only if that fails.
No new header necessary. Think 'sudo'.
- -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)
iQCVAwUBRImUoHEjvBPtnXfVAQLTQQQAsstiGXz2mfDtK5hBBJeOrwftrcs3+/xo QkNmjvSnVXyNqFMXQRhLcVB8o1PsJhPTTfXnDHRBwamK7Fow8RYlmNjF7g/QHMMu jo7Zv1JtR+IYVJPm16DmPPhZJHPlWtenB2eWbu2ZB4WjChrHYzDQFg6GXyiwFFSo lpMknsjNsMA= =3UHn -----END PGP SIGNATURE-----