At 11:06 AM +0100 2006-06-09, Ian Eiloart wrote:
Using a per-sender password for the same mechanism will prevent the spoofing,
Only if you ensure that the entire email transmission chain is encrypted.
Using the existing "Approved:" mechanism would also prevent the spoofing, and would have the same exposures regarding encryption.
We're not trying to fix all of the security problems in Mailman, we're just trying to take an existing mechanism (with known vulnerabilities) and extend that to work in a per-sender manner.
That's only possible if you know the sender is on-site (on your campus, in your company, whatever). If that's true, then you can rely on authenticated SMTP anyway.
Red Herring. We're not trying to fix all the possible security problems in Mailman. That's a job for Barry, Tokio, Mark, and others.
-- Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755LOPSA member since December 2005. See <http://www.lopsa.org/>.