RE: [courier-users] RE: Newsletter with courier-mlm

[Malcolm Weir]

> -----Original Message-----
> From: Julian Mehnle
> Sent: Thursday, December 04, 2003 3:16 PM

> Peter <[EMAIL PROTECTED]> wrote:
> > I could imagine that there are many people out there that would like
> > to run newsletters based on courier-mlm, if they knew how they could
> > assure that only allowed people can post to that newsletter.
> 
> I'm using a secret posting address, like 
> <[EMAIL PROTECTED]>, by renaming the dot-courier 
> file "$HOME/.courier" to "$HOME/.courier-paYBBe8RY3".  I don't 
> know what your problem with that approach is.  Username/password 
> authentication methods, by definition, are "security through 
> obscurity", too.

Julian, you're misusing the term or art "security through obscurity".

>  As I told you, the only top secure method would 
> be to check for cryptographic signatures on the to-be-posted 
> messages.  (And even that, by definition, is "security through 
> obscurity".)

Nope.  The difference is illustrated by considering how difficult it would be to 
defeat the two approaches and introduce a unauthorized message.  With the fist 
technique, all you need to know is the address on the envelope.  With the second, you 
need information that may not be stored anywhere but in the sender's head.

Malc.



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users