June 13, 2014
2:16 a.m.
On Thu, Jun 12, 2014 at 10:07 PM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
John R Levine writes:
Honestly, Tough Noogies. Let list managers make their own security decisions.
Revealing a user password is not a list security decision, it's a user security decision. Asking users for their passwords is evil, period.
Unless I am mistaking things, the sheer irony here is that Yahoo's bastardized version of DMARC, which is necessary to stave off collateral damage from their past security breach(es?), needs to be further augmented with even less user security in order to be secure. O.o Man that boggles the mind.
-Jim P.