On 12/21/2004 15:47, "Terri Oda" <terri@zone12.com> wrote:
On Dec 15, 2004, at 11:37 AM, John Dennis wrote:
This was forwarded to me by our security officer. I believe the original author, Florian Weimer, intended to reach this list but did not know how to and instead went through his security contacts. Perhaps Florian's concerns would best be addressed in MM 3.0 and maybe this should be added to the MM 3.0 feature list. BTW, is there an independent MM 3.0 list? I thought I had heard such a beast existed, but my recollection is hazy.
The underlying problem may be that Mailman refers to the access tokens as "passwords".
They are not "passwords" in the sense a security office would think of (they travel around in cleartext; they are stored in cleartext; they are gratuitously or by unauthenticated request mailed out, etc.
The expectation level should be implicit in the text from the listinfo page:
"You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext."
Designing an archiving system such that only people who were subscribed at the time a message was posted and have been subscribed continuously since can see that message would certainly be possible (if the problems of email address changes are solved, which probably implies that an email address is no longer an identifier), along with "better" passwords. I would think it would be an option, not the new "way things are."
--John