[Mailman-Developers] 2.1.8 documentation mismatch
Ian Eiloart
iane at sussex.ac.uk
Thu Jun 8 16:26:25 CEST 2006
--On 8 June 2006 12:39:22 +0100 David Lee <t.d.lee at durham.ac.uk> wrote:
> The incoming email
> would carry a header (or first line in body) of something like:
> Authorised: sender-pw
>
> where "sender-pw" is associated with the (claimed) From-address. This is
> different from, but complementary to, "Approved: list-pw".

That's neither approval nor authorisation, it's authentication - proving
that the person who used the email address also knew the password
associated with it. It's far better to insist on authenticated SMTP for ALL
message submission.

>
> Given that I'm just about to start on implementing this, it would be nice
> to establish whether this sender-related word "Authorised" is the
> appropriate word, or if there is something better.
>

I've had a look through that thread, and I'm not sure what you're trying to
achieve. Generally, there are two aspects to deciding whether someone can
post to a list: "authorisation" and "authentication".

Passwords are usually used for both, but it's far better to separate the
functions. Knowledge of a personal password serves to authenticate you, but
not to authorise you. Knowledge of a shared password is sometimes used for
authorisation, but can't be used for authentication. Even for
authorisation, passwords are extremely weak.

--
Ian Eiloart
IT Services, University of Sussex
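
Added example, not part of the original message and not Mailman code: a sketch of the separation discussed in this thread, where the proposed "Authorised:" header only proves who sent the message and a separate policy decides whether that sender may post. The addresses, passwords, function names and verdict strings are constructed for illustration, and only the header form (not the first-line-of-body form) is handled.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: personal credentials, stored salted and hashed.
SENDER_CREDS = {
    "alice@example.org": (b"salt-a", pw_hash("alice-pw", b"salt-a")),
    "bob@example.org": (b"salt-b", pw_hash("bob-pw", b"salt-b")),
}
# Authorisation policy for the list, kept separate from any password.
ALLOWED_POSTERS = {"alice@example.org"}

def authenticate(msg):
    """Return the proven sender address, or None. Says nothing about rights."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    supplied = msg.get("Authorised")
    if sender not in SENDER_CREDS or supplied is None:
        return None
    salt, stored = SENDER_CREDS[sender]
    # Constant-time comparison so the check does not leak how much matched.
    if hmac.compare_digest(pw_hash(supplied.strip(), salt), stored):
        return sender
    return None

def authorise(sender):
    """Policy decision about an already authenticated identity."""
    return sender in ALLOWED_POSTERS

def decide(raw):
    """Return (verdict, message) for one constructed incoming message."""
    msg = message_from_string(raw)
    sender = authenticate(msg)
    del msg["Authorised"]  # never redistribute the credential to subscribers
    if sender is None:
        return "reject: not authenticated", msg
    if not authorise(sender):
        return "hold: authenticated, not authorised", msg
    return "accept", msg

def sample(frm, pw=None):
    """Build a constructed test message."""
    auth = f"Authorised: {pw}\n" if pw else ""
    return f"From: {frm}\n{auth}Subject: test\n\nhello list\n"
```

Here bob@example.org authenticates with a correct personal password and is still held, because knowing his own password does not put him on the poster list.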